diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml index d15f9beaf..ff8f5a142 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml @@ -2586,8 +2586,6 @@ spec: required: - "volumeSnapshotClassName" type: "object" - required: - - "pgbackrest" type: "object" config: properties: @@ -10166,7 +10164,6 @@ spec: - "name" x-kubernetes-list-type: "map" required: - - "backups" - "instances" - "postgresVersion" type: "object" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationkits.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationkits.yaml index 5ac442b98..d1252c977 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationkits.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationkits.yaml @@ -352,6 +352,15 @@ spec: baseImage: description: "base image used by the kit (could be another IntegrationKit)" type: "string" + catalog: + description: "the catalog used to build/operate the IntegrationKit." + properties: + provider: + description: "RuntimeProvider is the provider chosen for the runtime." + type: "string" + version: + type: "string" + type: "object" conditions: description: "a list of conditions which happened for the events related the kit" items: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml index 4e7f36b0f..335b7207b 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml 
@@ -897,6 +897,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" @@ -2453,6 +2456,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml index 994821463..64a99964d 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml @@ -798,6 +798,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" @@ -2262,6 +2265,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" 
diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml index 364d83ba0..04416fd11 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml @@ -35,6 +35,10 @@ spec: jsonPath: ".status.runtimeVersion" name: "Runtime Version" type: "string" + - description: "The catalog version" + jsonPath: ".status.catalog.version" + name: "Catalog Version" + type: "string" - description: "The integration kit" jsonPath: ".status.integrationKit.name" name: "Kit" @@ -4418,6 +4422,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" @@ -5095,6 +5102,15 @@ spec: items: type: "string" type: "array" + catalog: + description: "the catalog used to build/operate the Integration." + properties: + provider: + description: "RuntimeProvider is the provider chosen for the runtime." + type: "string" + version: + type: "string" + type: "object" conditions: description: "a list of events happened for the Integration" items: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml index 5ccdbbdcc..3bbdece13 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml 
@@ -19,10 +19,22 @@ spec: scope: "Namespaced" versions: - additionalPrinterColumns: - - description: "The Kamelet phase" - jsonPath: ".status.phase" + - description: "The Kamelet type" + jsonPath: ".metadata.labels.camel\\.apache\\.org\\/kamelet\\.type" name: "Type" type: "string" + - description: "The Kamelet provider" + jsonPath: ".metadata.annotations.camel\\.apache\\.org\\/provider" + name: "Provider" + type: "string" + - description: "The Kamelet bundled" + jsonPath: ".metadata.labels.camel\\.apache\\.org\\/kamelet\\.bundled" + name: "Bundled" + type: "string" + - description: "The Camel compatible version" + jsonPath: ".metadata.annotations.camel\\.apache\\.org\\/catalog\\.version" + name: "Camel Version" + type: "string" name: "v1" schema: openAPIV3Schema: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml index cdfca7e3c..cfdab7610 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml @@ -4409,6 +4409,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml index bdf658ce6..9fa8917ac 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml 
@@ -4411,6 +4411,9 @@ spec: host: description: "To configure the host exposed by the ingress." type: "string" + ingressClassName: + description: "The Ingress class name as defined by the Ingress spec\nSee https://kubernetes.io/docs/concepts/services-networking/ingress/" + type: "string" path: description: "To configure the path exposed by the ingress (default `/`)." type: "string" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml index 63900d4d2..99200cc7f 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml @@ -6890,6 +6890,12 @@ spec: - "Required" - "Optional" type: "string" + shortName: + description: "Reference to the short name of the Component object." + enum: + - "Required" + - "Optional" + type: "string" type: "object" configMapKeyRef: description: "Selects a key of a ConfigMap." diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsdefinitions.yaml index 3e281c236..cbcce69c8 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsdefinitions.yaml @@ -11,7 +11,6 @@ spec: names: categories: - "kubeblocks" - - "all" kind: "OpsDefinition" listKind: "OpsDefinitionList" plural: "opsdefinitions" diff --git a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml index debed4f5f..3d840f1fb 100644 --- a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml 
+++ b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml @@ -648,6 +648,39 @@ spec: disableServiceLinks: description: "Disable information about services being injected into the application pod's environment variables. Default to false." type: "boolean" + dns: + description: "DNS settings for the pod." + properties: + config: + description: "The DNS Config for the application pod." + properties: + nameservers: + description: "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed." + items: + type: "string" + type: "array" + options: + description: "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy." + items: + description: "PodDNSConfigOption defines DNS resolver options of a pod." + properties: + name: + description: "Required." + type: "string" + value: + type: "string" + type: "object" + type: "array" + searches: + description: "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed." + items: + type: "string" + type: "array" + type: "object" + policy: + description: "The DNS Policy for the application pod." + type: "string" + type: "object" env: description: "An array of environment variables for the application container." items: @@ -1059,7 +1092,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -1195,7 +1228,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -1280,6 +1313,23 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + description: "Resources resize policy for the container." + items: + description: "ContainerResizePolicy represents resource resize policy for the container." + properties: + resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." + type: "string" + restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: 
@@ -1314,9 +1364,12 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." 
+ type: "string" securityContext: description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: @@ -1379,7 +1432,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." 
@@ -1397,7 +1450,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." @@ -1421,7 +1474,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -1584,13 +1637,13 @@ spec: endpoints: description: "A YAML snippet representing an array of Endpoint component from ServiceMonitor." items: - description: "Endpoint defines a scrapeable endpoint serving Prometheus metrics." + description: "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus." properties: authorization: - description: "Authorization section for this endpoint" + description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: - description: "The secret's key that contains the credentials of the request" + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -1606,14 +1659,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Set the authentication type. Defaults to Bearer, Basic will cause an\nerror" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth allow an endpoint to authenticate over basic authentication\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" + description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: - description: "The secret in the service monitor namespace that contains the password\nfor authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." 
@@ -1629,7 +1682,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "The secret in the service monitor namespace that contains the username\nfor authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -1646,10 +1699,10 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenFile: - description: "File to read bearer token for scraping targets." + description: "File to read bearer token for scraping the target.\n\n\nDeprecated: use `authorization` instead." type: "string" bearerTokenSecret: - description: "Secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the service monitor and accessible by\nthe Prometheus Operator." + description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead." properties: key: description: "The key of the secret to select from. Must be a valid secret key." 
@@ -1665,32 +1718,32 @@ spec: type: "object" x-kubernetes-map-type: "atomic" enableHttp2: - description: "Whether to enable HTTP2." + description: "`enableHttp2` can be used to disable HTTP2 when scraping the target." type: "boolean" filterRunning: - description: "Drop pods that are not running. (Failed, Succeeded). Enabled by default.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" + description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: "boolean" followRedirects: - description: "FollowRedirects configures whether scrape requests follow HTTP 3xx redirects." + description: "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects." type: "boolean" honorLabels: - description: "HonorLabels chooses the metric's labels on collisions with target labels." + description: "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels." type: "boolean" honorTimestamps: - description: "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data." + description: "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target." type: "boolean" interval: - description: "Interval at which metrics should be scraped\nIf not specified Prometheus' global scrape interval is used." + description: "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" metricRelabelings: - description: "MetricRelabelConfigs to apply to samples before ingestion." 
+ description: "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion.\nIt defines ``-section of Prometheus configuration.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on regex matching. Default is 'replace'.\nuppercase and lowercase actions require Prometheus >= 2.36." + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" 
@@ -1716,35 +1769,35 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: - description: "Regular expression against which the extracted value is matched. Default is '(.*)'" + description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a regex replace is performed if the\nregular expression matches. Regex capture groups are available. Default is '$1'" + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: - description: "Separator placed between concatenated source label values. default is ';'." + description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated\nusing the configured separator and matched against the configured regular expression\nfor the replace, keep, and drop actions." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions. Regex capture groups are available." 
+ description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" oauth2: - description: "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: - description: "The secret or configmap containing the OAuth2 client id" + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." properties: configMap: description: "ConfigMap containing data to use for the targets." @@ -1780,7 +1833,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" clientSecret: - description: "The secret containing the OAuth2 client secret" + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -1798,15 +1851,15 @@ spec: endpointParams: additionalProperties: type: "string" - description: "Parameters to append to the token URL" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" scopes: - description: "OAuth2 scopes used for the token request" + description: "`scopes` defines the OAuth2 scopes used for the token request." items: type: "string" type: "array" tokenUrl: - description: "The URL to fetch the token from" + description: "`tokenURL` configures the URL to fetch the token from." minLength: 1 type: "string" required: 
@@ -1819,25 +1872,25 @@ spec: items: type: "string" type: "array" - description: "Optional HTTP URL parameters" + description: "params define optional HTTP URL parameters." type: "object" path: - description: "HTTP path to scrape for metrics.\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." + description: "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." type: "string" port: - description: "Name of the service port this endpoint refers to. Mutually exclusive with targetPort." + description: "Name of the Service port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`." type: "string" proxyUrl: - description: "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint." + description: "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target." type: "string" relabelings: - description: "RelabelConfigs to apply to samples before scraping.\nPrometheus Operator automatically adds relabelings for a few standard Kubernetes fields.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion.\nIt defines ``-section of Prometheus configuration.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" + 
description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on regex matching. Default is 'replace'.\nuppercase and lowercase actions require Prometheus >= 2.36." + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" 
@@ -1863,45 +1916,48 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: - description: "Regular expression against which the extracted value is matched. Default is '(.*)'" + description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a regex replace is performed if the\nregular expression matches. Regex capture groups are available. Default is '$1'" + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: - description: "Separator placed between concatenated source label values. default is ';'." + description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated\nusing the configured separator and matched against the configured regular expression\nfor the replace, keep, and drop actions." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions. Regex capture groups are available." 
+ description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" scheme: - description: "HTTP scheme to use for scraping." + description: "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`." + enum: + - "http" + - "https" type: "string" scrapeTimeout: - description: "Timeout after which the scrape is ended\nIf not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used." + description: "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" targetPort: anyOf: - type: "integer" - type: "string" - description: "Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port." + description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\n\nDeprecated: use `port` instead." x-kubernetes-int-or-string: true tlsConfig: - description: "TLS configuration to use when scraping the endpoint" + description: "TLS configuration to use when scraping the target." properties: ca: description: "Certificate authority used when verifying server certificates." 
@@ -2007,6 +2063,9 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" + trackTimestampsStaleness: + description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0." + type: "boolean" type: "object" type: "array" x-kubernetes-list-type: "atomic" @@ -2053,7 +2112,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -2155,7 +2214,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -2257,7 +2316,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -2387,7 +2446,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" route: 
@@ -2479,7 +2538,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." 
@@ -2497,7 +2556,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." 
@@ -2548,7 +2607,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis field follows standard Kubernetes label syntax.\nUn-prefixed names are reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\nNon-standard protocols should use prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." 
@@ -2886,7 +2945,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -3022,7 +3081,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -3107,6 +3166,23 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + description: "Resources resize policy for the container." + items: + description: "ContainerResizePolicy represents resource resize policy for the container." + properties: + resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." + type: "string" + restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: 
@@ -3141,9 +3217,12 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." 
+ type: "string" securityContext: description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: @@ -3206,7 +3285,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." 
@@ -3224,7 +3303,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." @@ -3248,7 +3327,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -3531,7 +3610,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: 
@@ -3583,6 +3662,13 @@ spec: items: type: "string" type: "array" + allocatedResourceStatuses: + additionalProperties: + description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." + type: "string" + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + x-kubernetes-map-type: "granular" allocatedResources: additionalProperties: anyOf: 
@@ -3590,7 +3676,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may\nbe larger than the actual capacity when a volume expansion operation is requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -3604,7 +3690,7 @@ spec: conditions: description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'ResizeStarted'." items: - description: "PersistentVolumeClaimCondition contails details about state of pvc" + description: "PersistentVolumeClaimCondition contains details about state of pvc" properties: lastProbeTime: description: "lastProbeTime is the time we probed the condition." 
@@ -3633,9 +3719,6 @@ spec: phase: description: "phase represents the current phase of PersistentVolumeClaim." type: "string" - resizeStatus: - description: "resizeStatus stores status of resize operation.\nResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty\nstring by resize controller or kubelet.\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." - type: "string" type: "object" type: "object" type: "object" 
@@ -3661,6 +3744,29 @@ spec: type: "string" type: "object" type: "object" + tolerations: + description: "Tolerations to be added to application pods. Tolerations allow the scheduler to schedule pods on nodes with matching taints." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" topologySpreadConstraints: description: "Defines the topology spread constraints" properties: 
@@ -3701,7 +3807,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. Keys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -4014,7 +4120,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" 
@@ -4122,7 +4228,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: diff --git a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml index 74726d861..3d86d12f1 100644 --- a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml +++ b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml @@ -1014,7 +1014,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -1150,7 +1150,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -1235,6 +1235,23 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + description: "Resources resize policy for the container." + items: + description: "ContainerResizePolicy represents resource resize policy for the container." + properties: + resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." + type: "string" + restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: 
@@ -1269,9 +1286,12 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." 
+ type: "string" securityContext: description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: @@ -1334,7 +1354,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." 
@@ -1352,7 +1372,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." @@ -1376,7 +1396,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -1536,13 +1556,13 @@ spec: endpoints: description: "A YAML snippet representing an array of Endpoint component from ServiceMonitor." items: - description: "Endpoint defines a scrapeable endpoint serving Prometheus metrics." + description: "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus." properties: authorization: - description: "Authorization section for this endpoint" + description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: - description: "The secret's key that contains the credentials of the request" + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -1558,14 +1578,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Set the authentication type. Defaults to Bearer, Basic will cause an\nerror" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth allow an endpoint to authenticate over basic authentication\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" + description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: - description: "The secret in the service monitor namespace that contains the password\nfor authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." 
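Review bot: The new descriptions of `authorization` and `basicAuth` each say the field "Cannot be set at the same time as" the other or `oauth2`, and `type` now says "Basic" is not a supported value, but nothing in these hunks expresses either rule in the schema. As far as the visible lines show, an endpoint that sets two credential sources is still accepted at admission, and which one is used is left to the operator. If upstream has no rule for it, one on the endpoint item would enforce the documented constraint: `x-kubernetes-validations: [{rule: "(has(self.authorization) ? 1 : 0) + (has(self.basicAuth) ? 1 : 0) + (has(self.oauth2) ? 1 : 0) <= 1"}]`. The endpoint item object starts before and ends after these hunks, so an existing rule outside the view cannot be excluded; the same wording is added for `oauth2` in the hunk at -1668.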
@@ -1581,7 +1601,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "The secret in the service monitor namespace that contains the username\nfor authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -1598,10 +1618,10 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenFile: - description: "File to read bearer token for scraping targets." + description: "File to read bearer token for scraping the target.\n\n\nDeprecated: use `authorization` instead." type: "string" bearerTokenSecret: - description: "Secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the service monitor and accessible by\nthe Prometheus Operator." + description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead." properties: key: description: "The key of the secret to select from. Must be a valid secret key." 
@@ -1617,32 +1637,32 @@ spec: type: "object" x-kubernetes-map-type: "atomic" enableHttp2: - description: "Whether to enable HTTP2." + description: "`enableHttp2` can be used to disable HTTP2 when scraping the target." type: "boolean" filterRunning: - description: "Drop pods that are not running. (Failed, Succeeded). Enabled by default.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" + description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: "boolean" followRedirects: - description: "FollowRedirects configures whether scrape requests follow HTTP 3xx redirects." + description: "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects." type: "boolean" honorLabels: - description: "HonorLabels chooses the metric's labels on collisions with target labels." + description: "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels." type: "boolean" honorTimestamps: - description: "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data." + description: "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target." type: "boolean" interval: - description: "Interval at which metrics should be scraped\nIf not specified Prometheus' global scrape interval is used." + description: "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" metricRelabelings: - description: "MetricRelabelConfigs to apply to samples before ingestion." 
+ description: "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion.\nIt defines ``-section of Prometheus configuration.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on regex matching. Default is 'replace'.\nuppercase and lowercase actions require Prometheus >= 2.36." + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" 
@@ -1668,35 +1688,35 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: - description: "Regular expression against which the extracted value is matched. Default is '(.*)'" + description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a regex replace is performed if the\nregular expression matches. Regex capture groups are available. Default is '$1'" + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: - description: "Separator placed between concatenated source label values. default is ';'." + description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated\nusing the configured separator and matched against the configured regular expression\nfor the replace, keep, and drop actions." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions. Regex capture groups are available." 
+ description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" oauth2: - description: "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: - description: "The secret or configmap containing the OAuth2 client id" + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." properties: configMap: description: "ConfigMap containing data to use for the targets." @@ -1732,7 +1752,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" clientSecret: - description: "The secret containing the OAuth2 client secret" + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -1750,15 +1770,15 @@ spec: endpointParams: additionalProperties: type: "string" - description: "Parameters to append to the token URL" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" scopes: - description: "OAuth2 scopes used for the token request" + description: "`scopes` defines the OAuth2 scopes used for the token request." items: type: "string" type: "array" tokenUrl: - description: "The URL to fetch the token from" + description: "`tokenURL` configures the URL to fetch the token from." minLength: 1 type: "string" required: 
@@ -1771,25 +1791,25 @@ spec: items: type: "string" type: "array" - description: "Optional HTTP URL parameters" + description: "params define optional HTTP URL parameters." type: "object" path: - description: "HTTP path to scrape for metrics.\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." + description: "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." type: "string" port: - description: "Name of the service port this endpoint refers to. Mutually exclusive with targetPort." + description: "Name of the Service port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`." type: "string" proxyUrl: - description: "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint." + description: "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target." type: "string" relabelings: - description: "RelabelConfigs to apply to samples before scraping.\nPrometheus Operator automatically adds relabelings for a few standard Kubernetes fields.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion.\nIt defines ``-section of Prometheus configuration.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" + 
description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on regex matching. Default is 'replace'.\nuppercase and lowercase actions require Prometheus >= 2.36." + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" 
@@ -1815,45 +1835,48 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: - description: "Regular expression against which the extracted value is matched. Default is '(.*)'" + description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a regex replace is performed if the\nregular expression matches. Regex capture groups are available. Default is '$1'" + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: - description: "Separator placed between concatenated source label values. default is ';'." + description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated\nusing the configured separator and matched against the configured regular expression\nfor the replace, keep, and drop actions." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions. Regex capture groups are available." 
+ description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" scheme: - description: "HTTP scheme to use for scraping." + description: "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`." + enum: + - "http" + - "https" type: "string" scrapeTimeout: - description: "Timeout after which the scrape is ended\nIf not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used." + description: "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" targetPort: anyOf: - type: "integer" - type: "string" - description: "Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port." + description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\n\nDeprecated: use `port` instead." x-kubernetes-int-or-string: true tlsConfig: - description: "TLS configuration to use when scraping the endpoint" + description: "TLS configuration to use when scraping the target." properties: ca: description: "Certificate authority used when verifying server certificates." 
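Review bot: The added `enum` of `"http"` and `"https"` on `scheme` narrows a field that previously accepted any string, so an object stored with another spelling (upper case, for instance) would fail validation on its next update, and nothing in the commit shows that existing objects were checked. The new description also states that an empty value means `http`, which is the cleartext case for an endpoint that configures `authorization`, `basicAuth` or a bearer token in the same item. A sentence in the description such as `Use https when credentials are configured for the target.` would put that next to the default. The enclosing endpoint schema continues outside the hunk.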
@@ -1959,6 +1982,9 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" + trackTimestampsStaleness: + description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0." + type: "boolean" type: "object" type: "array" x-kubernetes-list-type: "atomic" @@ -1988,7 +2014,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -2090,7 +2116,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -2192,7 +2218,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -2322,7 +2348,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" route: 
@@ -2387,7 +2413,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis field follows standard Kubernetes label syntax.\nUn-prefixed names are reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\nNon-standard protocols should use prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." 
@@ -2715,7 +2741,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -2851,7 +2877,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -2936,6 +2962,23 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + description: "Resources resize policy for the container." + items: + description: "ContainerResizePolicy represents resource resize policy for the container." + properties: + resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." + type: "string" + restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: 
@@ -2970,9 +3013,12 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." 
+ type: "string" securityContext: description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: @@ -3035,7 +3081,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." 
@@ -3053,7 +3099,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container.\nThis field is alpha-level and will only be honored by components that enable the\nWindowsHostProcessContainers feature flag. Setting this field without the feature\nflag will result in errors when validating the Pod. All of a Pod's containers must\nhave the same effective HostProcess value (it is not allowed to have a mix of HostProcess\ncontainers and non-HostProcess containers). In addition, if HostProcess is true\nthen HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." @@ -3077,7 +3123,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port.\nThis is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." 
@@ -3356,7 +3402,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: 
@@ -3408,6 +3454,13 @@ spec: items: type: "string" type: "array" + allocatedResourceStatuses: + additionalProperties: + description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." + type: "string" + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + x-kubernetes-map-type: "granular" allocatedResources: additionalProperties: anyOf: 
@@ -3415,7 +3468,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may\nbe larger than the actual capacity when a volume expansion operation is requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -3429,7 +3482,7 @@ spec: conditions: description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'ResizeStarted'." items: - description: "PersistentVolumeClaimCondition contails details about state of pvc" + description: "PersistentVolumeClaimCondition contains details about state of pvc" properties: lastProbeTime: description: "lastProbeTime is the time we probed the condition." 
@@ -3458,9 +3511,6 @@ spec: phase: description: "phase represents the current phase of PersistentVolumeClaim." type: "string" - resizeStatus: - description: "resizeStatus stores status of resize operation.\nResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty\nstring by resize controller or kubelet.\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." - type: "string" type: "object" type: "object" type: "object" @@ -3764,7 +3814,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" 
@@ -3872,7 +3922,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml index f8b623b53..f7067d37d 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml @@ -5,17 +5,6 @@ metadata: controller-gen.kubebuilder.io/version: "v0.16.1" name: "ec2nodeclasses.karpenter.k8s.aws" spec: - conversion: - strategy: "Webhook" - webhook: - clientConfig: - service: - name: "karpenter" - namespace: "kube-system" - port: 8443 - conversionReviewVersions: - - "v1beta1" - - "v1" group: "karpenter.k8s.aws" names: categories: diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml index fe512d0dc..fbe14fb40 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml 
@@ -5,17 +5,6 @@ metadata: controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodeclaims.karpenter.sh" spec: - conversion: - strategy: "Webhook" - webhook: - clientConfig: - service: - name: "karpenter" - namespace: "kube-system" - port: 8443 - conversionReviewVersions: - - "v1beta1" - - "v1" group: "karpenter.sh" names: categories: diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml index 33bab8d82..0665e2bd9 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml @@ -5,17 +5,6 @@ metadata: controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodepools.karpenter.sh" spec: - conversion: - strategy: "Webhook" - webhook: - clientConfig: - service: - name: "karpenter" - namespace: "kube-system" - port: 8443 - conversionReviewVersions: - - "v1beta1" - - "v1" group: "karpenter.sh" names: categories: @@ -87,9 +76,9 @@ spec: pattern: "^((100|[0-9]{1,2})%|[0-9]+)$" type: "string" reasons: - description: "Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods.\nOtherwise, this will apply to each reason defined.\nallowed reasons are Underutilized, Empty, and Drifted." + description: "Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods.\nOtherwise, this will apply to each reason defined.\nallowed reasons are Underutilized, Empty, and Drifted and additional CloudProvider-specific reasons." items: - description: "DisruptionReason defines valid reasons for disruption budgets." + description: "DisruptionReason defines valid reasons for disruption budgets.\nCloudProviders will need to append to the list of enums when implementing cloud provider disruption reasons" enum: - "Underutilized" - "Empty" 
diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml index 3f98f1c0e..7b2df47e5 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml @@ -469,7 +469,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: @@ -1499,7 +1499,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: 
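Review bot: The `host` field keeps `format: "idn-hostname"` (the context line directly under the changed description) while the new text documents it as an extended POSIX regex and recommends the escaped form `foo\.bar\.com`. A backslash is not a valid hostname character, so a consumer of this catalog that enforces `format` would reject the precise pattern and accept only the loose `foo.bar.com`, which the description itself says also matches `fooXbar.com`. That would push policy authors toward the over-broad match in an L7 allow rule. Whether any validator in use actually enforces this format is not visible here, so it is worth confirming and, if the field really is a regex, dropping the `format: "idn-hostname"` line at the upstream source. The same applies to the other `host` hunks in this file and in ciliumnetworkpolicies.yaml, where the two examples are also fused on one line and would read better with a `\n` before `- foo\\.bar\\.com`.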
@@ -2364,7 +2364,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: @@ -3394,7 +3394,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml index 127458158..cc33d5d1b 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml 
@@ -474,7 +474,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: @@ -1504,7 +1504,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: @@ -2369,7 +2369,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: 
@@ -3399,7 +3399,7 @@ spec: type: "string" type: "array" host: - description: "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored." + description: "Host is an extended POSIX regex matched against the host header of a request. Examples: \n - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\\.bar\\.com will only match the host foo.bar.com \n If omitted or empty, the value of the host header is ignored." format: "idn-hostname" type: "string" method: diff --git a/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/clustersyncresources.yaml b/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/clustersyncresources.yaml index f731e6856..ce5a026fe 100644 --- a/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/clustersyncresources.yaml +++ b/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/clustersyncresources.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "clustersyncresources.cluster.clusterpedia.io" spec: group: "cluster.clusterpedia.io" diff --git a/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/pediaclusters.yaml b/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/pediaclusters.yaml index 568e63dcb..501417784 100644 --- a/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/pediaclusters.yaml +++ b/crd-catalog/clusterpedia-io/clusterpedia/cluster.clusterpedia.io/v1alpha2/pediaclusters.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "pediaclusters.cluster.clusterpedia.io" spec: group: "cluster.clusterpedia.io" @@ -104,7 +104,7 @@ spec: type: "string" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
@@ -133,7 +133,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/clusterimportpolicies.yaml b/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/clusterimportpolicies.yaml index 11abc0cb7..00ef1fd9f 100644 --- a/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/clusterimportpolicies.yaml +++ b/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/clusterimportpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "clusterimportpolicies.policy.clusterpedia.io" spec: group: "policy.clusterpedia.io" 
@@ -93,7 +93,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -122,7 +122,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/pediaclusterlifecycles.yaml b/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/pediaclusterlifecycles.yaml index ce5eae769..655f616fc 100644 --- a/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/pediaclusterlifecycles.yaml +++ b/crd-catalog/clusterpedia-io/clusterpedia/policy.clusterpedia.io/v1alpha1/pediaclusterlifecycles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "pediaclusterlifecycles.policy.clusterpedia.io" spec: group: "policy.clusterpedia.io" @@ -91,7 +91,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
@@ -120,7 +120,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/elastic/cloud-on-k8s/agent.k8s.elastic.co/v1alpha1/agents.yaml b/crd-catalog/elastic/cloud-on-k8s/agent.k8s.elastic.co/v1alpha1/agents.yaml index 489498ce7..e63a481e5 100644 --- a/crd-catalog/elastic/cloud-on-k8s/agent.k8s.elastic.co/v1alpha1/agents.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/agent.k8s.elastic.co/v1alpha1/agents.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "agents.agent.k8s.elastic.co" spec: group: "agent.k8s.elastic.co" 
@@ -276,13 +276,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -381,13 +381,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -485,13 +485,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -590,13 +590,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -692,7 +692,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -742,7 +742,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -769,7 +769,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -784,7 +784,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -983,7 +983,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1121,7 +1122,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1221,13 +1223,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1297,7 +1302,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1336,7 +1341,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1383,7 +1388,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1514,7 +1520,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1578,7 +1584,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1614,7 +1620,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1664,7 +1670,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1691,7 +1697,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1706,7 +1712,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1905,7 +1911,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2043,7 +2050,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2143,13 +2151,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2219,7 +2230,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2258,7 +2269,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2305,7 +2316,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2391,7 +2403,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2439,7 +2451,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2508,7 +2520,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2555,7 +2567,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2605,7 +2617,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2632,7 +2644,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2647,7 +2659,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2846,7 +2858,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2984,7 +2997,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3084,13 +3098,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3160,7 +3177,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3199,7 +3216,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3246,7 +3263,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3377,7 +3395,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3404,7 +3422,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3413,7 +3431,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3454,23 +3472,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3488,7 +3502,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3518,7 +3532,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3558,18 +3572,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3686,7 +3703,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3696,14 +3713,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3730,7 +3747,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3758,12 +3775,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3809,7 +3828,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -3833,7 +3852,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3873,7 +3892,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -3894,7 +3913,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -3982,10 +4001,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4111,7 +4130,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4128,7 +4147,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4172,7 +4191,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4193,7 +4212,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4240,7 +4259,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
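Review bot: With the `TODO(jonesdl)` text removed, the `hostPath` description no longer tells a reader that this schema does not limit which host directories can be mounted or whether they are writable. The only remaining hint is "Most containers will NOT need this". If this file mirrors the upstream API text, the wording should stay as it is, and the point is better recorded where the CRD is consumed, for example `# hostPath is not restricted by this schema; limit it through admission policy (allowed paths, read-only)`. The `hostPath` object continues past the end of the hunk, so any constraint declared on `path` further down is not visible here.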
@@ -4251,6 +4270,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
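Review bot: The new `image` volume source accepts any string for `pullPolicy` and does not list `reference` under `required`, although the `reference` description opens with "Required:" and closes with "This field is optional". The description already names the three accepted policies, so the schema could carry them as `enum: ["Always", "IfNotPresent", "Never"]`. A mistyped policy would then be rejected when the object is validated rather than surfacing at pod startup. The description also says the volume is re-resolved when the pod is recreated, so a tag-based `reference` can bring in different content after a restart; a sentence recommending digest-pinned references would fit there. If the file is a verbatim mirror of an upstream CRD, both changes belong upstream, and the enclosing volume schema extends beyond this hunk.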
@@ -4261,7 +4290,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4270,6 +4299,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4290,7 +4320,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4368,12 +4398,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4449,7 +4479,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4536,7 +4566,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4592,12 +4622,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4607,6 +4638,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4617,11 +4649,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4632,6 +4665,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
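Review bot: `default: "admin"` on the rbd `user` property turns a documented fallback into a value that schema defaulting writes into every object that omits the field, so the Ceph admin identity becomes the persisted setting rather than a visible omission. The same applies to `default: "/etc/ceph/keyring"` and `default: "rbd"` in the two rbd hunks before this one. The effective behaviour matches what the descriptions already state ("Default is admin"), so this is a documentation point: the `user` description could add `Prefer a dedicated Ceph user whose capabilities are limited to the pool in use.` Policy checks that looked for a missing `user` would also need to match the literal `admin` from now on. The rbd object starts in an earlier hunk and continues past this one.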
@@ -4648,7 +4682,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4656,6 +4690,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4721,7 +4756,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4766,7 +4801,7 @@ spec: description: "DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet." properties: rollingUpdate: - description: "Rolling update config params. Present only if type = \"RollingUpdate\".\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be. Same as Deployment `strategy.rollingUpdate`.\nSee https://github.com/kubernetes/kubernetes/issues/35345" + description: "Rolling update config params. Present only if type = \"RollingUpdate\"." properties: maxSurge: anyOf: 
@@ -4999,13 +5034,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5104,13 +5139,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5208,13 +5243,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5313,13 +5348,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5415,7 +5450,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5465,7 +5500,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -5492,7 +5527,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -5507,7 +5542,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -5706,7 +5741,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -5844,7 +5880,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -5944,13 +5981,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -6020,7 +6060,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -6059,7 +6099,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -6106,7 +6146,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -6237,7 +6278,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -6301,7 +6342,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -6337,7 +6378,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -6387,7 +6428,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6414,7 +6455,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -6429,7 +6470,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -6628,7 +6669,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -6766,7 +6808,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6866,13 +6909,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -6942,7 +6988,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -6981,7 +7027,7 @@ spec:
 description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type."
 type: "string"
 type:
- description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
+ description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
 type: "string"
 required:
 - "type"
@@ -7028,7 +7074,8 @@ spec:
 format: "int32"
 type: "integer"
 service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
+ default: ""
+ description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."
 type: "string"
 required:
 - "port"
@@ -7114,7 +7161,7 @@ spec:
 description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false"
 type: "boolean"
 targetContainerName:
- description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined."
+ description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined."
 type: "string"
 terminationMessagePath:
 description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -7162,7 +7209,7 @@ spec:
 description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false."
 type: "boolean"
 recursiveReadOnly:
- description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled."
+ description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled."
 type: "string"
 subPath:
 description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)."
@@ -7231,7 +7278,7 @@ spec:
 properties:
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 type: "object"
 x-kubernetes-map-type: "atomic"
@@ -7278,7 +7325,7 @@ spec:
 type: "string"
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 optional:
 description: "Specify whether the ConfigMap or its key must be defined"
@@ -7328,7 +7375,7 @@ spec:
 type: "string"
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 optional:
 description: "Specify whether the Secret or its key must be defined"
@@ -7355,7 +7402,7 @@ spec:
 properties:
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 optional:
 description: "Specify whether the ConfigMap must be defined"
@@ -7370,7 +7417,7 @@ spec:
 properties:
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 optional:
 description: "Specify whether the Secret must be defined"
@@ -7569,7 +7616,8 @@ spec:
 format: "int32"
 type: "integer"
 service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
+ default: ""
+ description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."
 type: "string"
 required:
 - "port"
@@ -7707,7 +7755,8 @@ spec:
 format: "int32"
 type: "integer"
 service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
+ default: ""
+ description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."
 type: "string"
 required:
 - "port"
@@ -7807,13 +7856,16 @@ spec:
 description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
 properties:
 claims:
- description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers."
 items:
 description: "ResourceClaim references one entry in PodSpec.ResourceClaims."
 properties:
 name:
 description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container."
 type: "string"
+ request:
+ description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request."
+ type: "string"
 required:
 - "name"
 type: "object"
@@ -7883,7 +7935,7 @@ spec:
 description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows."
 type: "boolean"
 procMount:
- description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows."
+ description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows."
 type: "string"
 readOnlyRootFilesystem:
 description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows."
@@ -7922,7 +7974,7 @@ spec:
 description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type."
 type: "string"
 type:
- description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
+ description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
 type: "string"
 required:
 - "type"
@@ -7969,7 +8021,8 @@ spec:
 format: "int32"
 type: "integer"
 service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
+ default: ""
+ description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."
 type: "string"
 required:
 - "port"
@@ -8100,7 +8153,7 @@ spec:
 description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false."
 type: "boolean"
 recursiveReadOnly:
- description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled."
+ description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled."
 type: "string"
 subPath:
 description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)."
@@ -8127,7 +8180,7 @@ spec:
 - "name"
 x-kubernetes-list-type: "map"
 nodeName:
- description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements."
+ description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename"
 type: "string"
 nodeSelector:
 additionalProperties:
@@ -8136,7 +8189,7 @@ spec:
 type: "object"
 x-kubernetes-map-type: "atomic"
 os:
- description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup"
+ description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup"
 properties:
 name:
 description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null"
@@ -8177,23 +8230,19 @@ spec:
 type: "array"
 x-kubernetes-list-type: "atomic"
 resourceClaims:
- description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable."
+ description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable."
 items:
- description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name."
+ description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name."
 properties:
 name:
 description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL."
 type: "string"
- source:
- description: "Source describes where to find the ResourceClaim."
- properties:
- resourceClaimName:
- description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod."
- type: "string"
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim."
- type: "string"
- type: "object"
+ resourceClaimName:
+ description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set."
+ type: "string"
+ resourceClaimTemplateName:
+ description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set."
+ type: "string"
 required:
 - "name"
 type: "object"
@@ -8211,7 +8260,7 @@ spec:
 description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler."
 type: "string"
 schedulingGates:
- description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards."
+ description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards."
 items:
 description: "PodSchedulingGate is associated to a Pod to guard its scheduling."
 properties:
@@ -8241,7 +8290,7 @@ spec:
 - "type"
 type: "object"
 fsGroup:
- description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows."
+ description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows."
 format: "int64"
 type: "integer"
 fsGroupChangePolicy:
@@ -8281,18 +8330,21 @@ spec:
 description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type."
 type: "string"
 type:
- description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
+ description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
 type: "string"
 required:
 - "type"
 type: "object"
 supplementalGroups:
- description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows."
+ description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows."
 items:
 format: "int64"
 type: "integer"
 type: "array"
 x-kubernetes-list-type: "atomic"
+ supplementalGroupsPolicy:
+ description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows."
+ type: "string"
 sysctls:
 description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows."
 items:
@@ -8409,7 +8461,7 @@ spec:
 type: "object"
 x-kubernetes-map-type: "atomic"
 matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
+ description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
 items:
 type: "string"
 type: "array"
@@ -8419,14 +8471,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -8453,7 +8505,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -8481,12 +8533,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -8532,7 +8586,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -8556,7 +8610,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8596,7 +8650,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -8617,7 +8671,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -8705,10 +8759,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -8834,7 +8888,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -8851,7 +8905,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -8895,7 +8949,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -8916,7 +8970,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -8963,7 +9017,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -8974,6 +9028,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
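Review bot: The added `image` volume object has no `required` list and its `pullPolicy` is a free-form `type: "string"`, so at schema level an empty `image: {}` entry or a misspelled policy is accepted and only fails later, when the pod is built. The `reference` description also contradicts itself, opening with "Required:" and ending with "This field is optional". This file looks like a generated copy of an upstream schema, so the change probably belongs in the generator or upstream types rather than here; the minimal tightening would be `enum: ["Always", "Never", "IfNotPresent"]` under `pullPolicy`. Because the description states that pulls reuse node credentials and the pod's pull secrets, any admission rule that restricts container image registries should be extended to cover `volumes[*].image.reference` as well.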
@@ -8984,7 +9048,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -8993,6 +9057,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -9013,7 +9078,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -9091,12 +9156,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -9172,7 +9237,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -9259,7 +9324,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -9315,12 +9380,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -9330,6 +9396,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -9340,11 +9407,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -9355,6 +9423,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -9371,7 +9440,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -9379,6 +9448,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -9444,7 +9514,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -9492,7 +9562,7 @@ spec: description: "DeploymentStrategy describes how to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: 
@@ -9587,7 +9657,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -9612,7 +9682,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -9639,7 +9709,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -9706,7 +9776,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -10016,13 +10086,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -10121,13 +10191,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -10225,13 +10295,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -10330,13 +10400,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -10432,7 +10502,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -10482,7 +10552,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -10509,7 +10579,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -10524,7 +10594,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -10723,7 +10793,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -10861,7 +10932,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -10961,13 +11033,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -11037,7 +11112,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -11076,7 +11151,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -11123,7 +11198,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -11254,7 +11330,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -11318,7 +11394,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -11354,7 +11430,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -11404,7 +11480,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -11431,7 +11507,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -11446,7 +11522,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -11645,7 +11721,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -11783,7 +11860,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -11883,13 +11961,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -11959,7 +12040,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -11998,7 +12079,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -12045,7 +12126,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -12131,7 +12213,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -12179,7 +12261,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -12248,7 +12330,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -12295,7 +12377,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -12345,7 +12427,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -12372,7 +12454,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -12387,7 +12469,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -12586,7 +12668,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -12724,7 +12807,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -12824,13 +12908,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -12900,7 +12987,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -12939,7 +13026,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -12986,7 +13073,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -13117,7 +13205,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -13144,7 +13232,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -13153,7 +13241,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -13194,23 +13282,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." 
- type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
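Review bot: The "exactly one of ResourceClaimName and ResourceClaimTemplateName must be set" rule exists only in the two new description strings. The item schema still lists just `name` under `required`, so an entry that sets both fields, or neither, passes this CRD's validation and is presumably rejected only later, when the pod is created from it. A rule such as `x-kubernetes-validations: [{rule: "has(self.resourceClaimName) != has(self.resourceClaimTemplateName)"}]` on the item would catch it when the custom resource is admitted. The hunk also removes the nested `source` object, so manifests that still write `source.resourceClaimName` no longer match the schema and, depending on the CRD's pruning settings, may have the field dropped rather than rejected. If this file is a generated mirror, both points belong upstream.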
@@ -13228,7 +13312,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -13258,7 +13342,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -13298,18 +13382,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
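Review bot: The new `supplementalGroupsPolicy` property is a bare `type: "string"` although its description allows only "Merge" and "Strict", so a misspelt value is accepted when the custom resource is admitted and presumably fails only once the pod is built from it. Adding `enum: ["Merge", "Strict"]` next to the type would reject it early. The description also makes "Merge" the default, and the rewritten `supplementalGroups` text says that under this field group memberships defined in the container image may still apply. Workloads that treat `supplementalGroups` as the complete group list should therefore set "Strict" explicitly instead of relying on the default. If the schema is generated from upstream types, the enum belongs in the upstream marker, not in this file.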
@@ -13426,7 +13513,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -13436,14 +13523,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -13470,7 +13557,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -13498,12 +13585,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -13549,7 +13638,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -13573,7 +13662,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -13613,7 +13702,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -13634,7 +13723,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -13722,10 +13811,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -13851,7 +13940,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -13868,7 +13957,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -13912,7 +14001,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -13933,7 +14022,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -13980,7 +14069,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -13991,6 +14080,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -14001,7 +14100,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -14010,6 +14109,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -14030,7 +14130,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -14108,12 +14208,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -14189,7 +14289,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -14276,7 +14376,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -14332,12 +14432,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -14347,6 +14448,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -14357,11 +14459,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -14372,6 +14475,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -14388,7 +14492,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -14396,6 +14500,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -14461,7 +14566,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -14642,7 +14747,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." 
@@ -14664,7 +14769,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. 
For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: 
@@ -14674,7 +14779,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -14707,7 +14812,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" 
@@ -14718,10 +14823,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." 
diff --git a/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1/apmservers.yaml b/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1/apmservers.yaml index b4556dce6..4ff98da96 100644 --- a/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1/apmservers.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1/apmservers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "apmservers.apm.k8s.elastic.co" spec: group: "apm.k8s.elastic.co" 
@@ -108,7 +108,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -133,7 +133,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -160,7 +160,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -227,7 +227,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -484,13 +484,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -589,13 +589,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -693,13 +693,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -798,13 +798,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -900,7 +900,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -950,7 +950,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -977,7 +977,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -992,7 +992,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1191,7 +1191,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1329,7 +1330,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1429,13 +1431,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1505,7 +1510,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1544,7 +1549,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1591,7 +1596,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1722,7 +1728,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1786,7 +1792,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1822,7 +1828,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1872,7 +1878,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1899,7 +1905,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1914,7 +1920,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2113,7 +2119,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2251,7 +2258,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2351,13 +2359,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2427,7 +2438,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2466,7 +2477,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2513,7 +2524,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2599,7 +2611,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2647,7 +2659,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2716,7 +2728,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2763,7 +2775,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2813,7 +2825,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2840,7 +2852,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2855,7 +2867,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3054,7 +3066,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3192,7 +3205,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3292,13 +3306,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3368,7 +3385,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3407,7 +3424,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3454,7 +3471,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3585,7 +3603,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3612,7 +3630,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3621,7 +3639,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3662,23 +3680,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3696,7 +3710,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3726,7 +3740,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3766,18 +3780,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3894,7 +3911,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3904,14 +3921,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3938,7 +3955,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3966,12 +3983,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4017,7 +4036,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4041,7 +4060,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4081,7 +4100,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4102,7 +4121,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4190,10 +4209,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4319,7 +4338,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4336,7 +4355,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4380,7 +4399,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4401,7 +4420,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4448,7 +4467,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4459,6 +4478,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4469,7 +4498,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4478,6 +4507,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4498,7 +4528,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4576,12 +4606,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4657,7 +4687,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4744,7 +4774,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4800,12 +4830,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4815,6 +4846,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4825,11 +4857,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4840,6 +4873,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4856,7 +4890,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4864,6 +4898,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4929,7 +4964,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1beta1/apmservers.yaml b/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1beta1/apmservers.yaml index 7f5677aec..0df2eec29 100644 --- a/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1beta1/apmservers.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/apm.k8s.elastic.co/v1beta1/apmservers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "apmservers.apm.k8s.elastic.co" spec: group: "apm.k8s.elastic.co" 
@@ -104,7 +104,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -129,7 +129,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -156,7 +156,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -223,7 +223,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -464,13 +464,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -569,13 +569,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -673,13 +673,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -778,13 +778,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -880,7 +880,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -930,7 +930,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -957,7 +957,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -972,7 +972,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1171,7 +1171,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1309,7 +1310,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1409,13 +1411,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1485,7 +1490,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1524,7 +1529,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1571,7 +1576,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1702,7 +1708,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1766,7 +1772,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1802,7 +1808,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1852,7 +1858,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1879,7 +1885,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1894,7 +1900,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2093,7 +2099,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2231,7 +2238,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2331,13 +2339,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2407,7 +2418,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2446,7 +2457,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2493,7 +2504,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2579,7 +2591,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2627,7 +2639,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2696,7 +2708,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2743,7 +2755,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2793,7 +2805,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2820,7 +2832,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2835,7 +2847,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3034,7 +3046,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3172,7 +3185,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3272,13 +3286,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3348,7 +3365,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3387,7 +3404,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3434,7 +3451,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3565,7 +3583,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3592,7 +3610,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3601,7 +3619,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3642,23 +3660,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3676,7 +3690,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3706,7 +3720,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3746,18 +3760,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3874,7 +3891,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3884,14 +3901,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3918,7 +3935,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3946,12 +3963,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3997,7 +4016,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4021,7 +4040,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4061,7 +4080,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4082,7 +4101,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4170,10 +4189,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4299,7 +4318,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4316,7 +4335,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4360,7 +4379,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4381,7 +4400,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4428,7 +4447,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4439,6 +4458,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4449,7 +4478,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4458,6 +4487,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4478,7 +4508,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4556,12 +4586,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4637,7 +4667,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4724,7 +4754,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4780,12 +4810,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4795,6 +4826,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4805,11 +4837,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4820,6 +4853,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4836,7 +4870,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4844,6 +4878,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4909,7 +4944,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/elastic/cloud-on-k8s/autoscaling.k8s.elastic.co/v1alpha1/elasticsearchautoscalers.yaml b/crd-catalog/elastic/cloud-on-k8s/autoscaling.k8s.elastic.co/v1alpha1/elasticsearchautoscalers.yaml index f66b02e0c..c98d0a463 100644 --- a/crd-catalog/elastic/cloud-on-k8s/autoscaling.k8s.elastic.co/v1alpha1/elasticsearchautoscalers.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/autoscaling.k8s.elastic.co/v1alpha1/elasticsearchautoscalers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "elasticsearchautoscalers.autoscaling.k8s.elastic.co" spec: group: "autoscaling.k8s.elastic.co" @@ -187,6 +187,7 @@ spec: description: "PollingPeriod is the period at which to synchronize with the Elasticsearch autoscaling API." type: "string" required: + - "elasticsearchRef" - "policies" type: "object" status: 
diff --git a/crd-catalog/elastic/cloud-on-k8s/beat.k8s.elastic.co/v1beta1/beats.yaml b/crd-catalog/elastic/cloud-on-k8s/beat.k8s.elastic.co/v1beta1/beats.yaml index ad7b25ab7..32d1836b0 100644 --- a/crd-catalog/elastic/cloud-on-k8s/beat.k8s.elastic.co/v1beta1/beats.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/beat.k8s.elastic.co/v1beta1/beats.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "beats.beat.k8s.elastic.co" spec: group: "beat.k8s.elastic.co" 
@@ -280,13 +280,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -385,13 +385,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -489,13 +489,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -594,13 +594,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -696,7 +696,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -746,7 +746,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -773,7 +773,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -788,7 +788,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -987,7 +987,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1125,7 +1126,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1225,13 +1227,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1301,7 +1306,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1340,7 +1345,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1387,7 +1392,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1518,7 +1524,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1582,7 +1588,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1618,7 +1624,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1668,7 +1674,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1695,7 +1701,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1710,7 +1716,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1909,7 +1915,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2047,7 +2054,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2147,13 +2155,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2223,7 +2234,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2262,7 +2273,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2309,7 +2320,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2395,7 +2407,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2443,7 +2455,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2512,7 +2524,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2559,7 +2571,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2609,7 +2621,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2636,7 +2648,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2651,7 +2663,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2850,7 +2862,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2988,7 +3001,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3088,13 +3102,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3164,7 +3181,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3203,7 +3220,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3250,7 +3267,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3381,7 +3399,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3408,7 +3426,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3417,7 +3435,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3458,23 +3476,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3492,7 +3506,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3522,7 +3536,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3562,18 +3576,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3690,7 +3707,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3700,14 +3717,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3734,7 +3751,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3762,12 +3779,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3813,7 +3832,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -3837,7 +3856,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3877,7 +3896,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -3898,7 +3917,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -3986,10 +4005,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4115,7 +4134,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4132,7 +4151,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4176,7 +4195,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4197,7 +4216,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4244,7 +4263,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4255,6 +4274,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4265,7 +4294,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4274,6 +4303,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4294,7 +4324,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4372,12 +4402,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4453,7 +4483,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4540,7 +4570,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4596,12 +4626,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4611,6 +4642,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4621,11 +4653,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4636,6 +4669,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4652,7 +4686,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4660,6 +4694,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4725,7 +4760,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4770,7 +4805,7 @@ spec: description: "DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet." properties: rollingUpdate: - description: "Rolling update config params. Present only if type = \"RollingUpdate\".\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be. Same as Deployment `strategy.rollingUpdate`.\nSee https://github.com/kubernetes/kubernetes/issues/35345" + description: "Rolling update config params. Present only if type = \"RollingUpdate\"." properties: maxSurge: anyOf: 
@@ -5003,13 +5038,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5108,13 +5143,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5212,13 +5247,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5317,13 +5352,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -5419,7 +5454,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5469,7 +5504,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -5496,7 +5531,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -5511,7 +5546,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -5710,7 +5745,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -5848,7 +5884,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -5948,13 +5985,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -6024,7 +6064,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -6063,7 +6103,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -6110,7 +6150,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -6241,7 +6282,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -6305,7 +6346,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -6341,7 +6382,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -6391,7 +6432,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6418,7 +6459,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -6433,7 +6474,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -6632,7 +6673,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -6770,7 +6812,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6870,13 +6913,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -6946,7 +6992,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -6985,7 +7031,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -7032,7 +7078,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -7118,7 +7165,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -7166,7 +7213,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -7235,7 +7282,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -7282,7 +7329,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -7332,7 +7379,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -7359,7 +7406,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -7374,7 +7421,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -7573,7 +7620,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -7711,7 +7759,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7811,13 +7860,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -7887,7 +7939,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -7926,7 +7978,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -7973,7 +8025,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -8104,7 +8157,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -8131,7 +8184,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -8140,7 +8193,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -8181,23 +8234,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -8215,7 +8264,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -8245,7 +8294,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -8285,18 +8334,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
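Review bot: The new `supplementalGroupsPolicy` property is declared as a bare `type: "string"`, so the schema accepts any value even though its description names only "Merge" and "Strict" as valid. Anyone validating manifests against this catalog entry will not catch a typo or an unsupported value in a field that decides which group memberships the container process receives. Adding `enum: ["Merge", "Strict"]` under the property would close that gap. If this file is synced verbatim from the upstream CRD, the constraint would have to come from the upstream type markers rather than a local edit.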
@@ -8413,7 +8465,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -8423,14 +8475,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -8457,7 +8509,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -8485,12 +8537,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -8536,7 +8590,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -8560,7 +8614,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -8600,7 +8654,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -8621,7 +8675,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -8709,10 +8763,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -8838,7 +8892,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -8855,7 +8909,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -8899,7 +8953,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -8920,7 +8974,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -8967,7 +9021,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -8978,6 +9032,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
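Review bot: The `reference` description in the new `image` volume source opens with "Required:" and then says the field is optional, and the `image` object has no `required` list, so a volume with no reference passes schema validation. `pullPolicy` is also a free-form string although only Always, Never and IfNotPresent are described; `enum: ["Always", "Never", "IfNotPresent"]` would make the schema match the text. The `image` description states that the volume is re-resolved when the pod is recreated, so a tag-based reference can mount different content over time. A sentence in `reference` recommending a digest-pinned reference where the content must not change would be a useful addition, presumably upstream if this catalog is generated.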
@@ -8988,7 +9052,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -8997,6 +9061,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -9017,7 +9082,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -9095,12 +9160,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -9176,7 +9241,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -9263,7 +9328,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -9319,12 +9384,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -9334,6 +9400,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -9344,11 +9411,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -9359,6 +9427,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -9375,7 +9444,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -9383,6 +9452,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -9448,7 +9518,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -9496,7 +9566,7 @@ spec: description: "DeploymentStrategy describes how to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: diff --git a/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1/elasticsearches.yaml b/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1/elasticsearches.yaml index f3f1aca2e..552031f9f 100644 --- a/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1/elasticsearches.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1/elasticsearches.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "elasticsearches.elasticsearch.k8s.elastic.co" spec: group: "elasticsearch.k8s.elastic.co" 
@@ -114,7 +114,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -139,7 +139,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -166,7 +166,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -233,7 +233,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -542,13 +542,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -647,13 +647,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -751,13 +751,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -856,13 +856,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -958,7 +958,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1008,7 +1008,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -1035,7 +1035,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1050,7 +1050,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1249,7 +1249,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1387,7 +1388,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1487,13 +1489,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1563,7 +1568,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1602,7 +1607,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1649,7 +1654,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1780,7 +1786,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1844,7 +1850,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1880,7 +1886,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1930,7 +1936,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1957,7 +1963,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1972,7 +1978,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2171,7 +2177,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2309,7 +2316,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2409,13 +2417,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2485,7 +2496,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2524,7 +2535,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2571,7 +2582,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2657,7 +2669,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2705,7 +2717,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2774,7 +2786,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2821,7 +2833,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2871,7 +2883,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2898,7 +2910,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2913,7 +2925,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3112,7 +3124,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3250,7 +3263,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3350,13 +3364,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3426,7 +3443,7 @@ spec:
 description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows."
 type: "boolean"
 procMount:
- description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows."
+ description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows."
 type: "string"
 readOnlyRootFilesystem:
 description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows."
@@ -3465,7 +3482,7 @@ spec:
 description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type."
 type: "string"
 type:
- description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
+ description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
 type: "string"
 required:
 - "type"
@@ -3512,7 +3529,8 @@ spec:
 format: "int32"
 type: "integer"
 service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
+ default: ""
+ description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."
 type: "string"
 required:
 - "port"
@@ -3643,7 +3661,7 @@ spec:
 description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false."
 type: "boolean"
 recursiveReadOnly:
- description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled."
+ description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled."
 type: "string"
 subPath:
 description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)."
@@ -3670,7 +3688,7 @@ spec:
 - "name"
 x-kubernetes-list-type: "map"
 nodeName:
- description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements."
+ description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename"
 type: "string"
 nodeSelector:
 additionalProperties:
@@ -3679,7 +3697,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3720,23 +3738,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3754,7 +3768,7 @@ spec:
 description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler."
 type: "string"
 schedulingGates:
- description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards."
+ description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards."
 items:
 description: "PodSchedulingGate is associated to a Pod to guard its scheduling."
 properties:
@@ -3784,7 +3798,7 @@ spec:
 - "type"
 type: "object"
 fsGroup:
- description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows."
+ description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows."
 format: "int64"
 type: "integer"
 fsGroupChangePolicy:
@@ -3824,18 +3838,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3952,7 +3969,7 @@ spec:
 type: "object"
 x-kubernetes-map-type: "atomic"
 matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
+ description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
 items:
 type: "string"
 type: "array"
@@ -3962,14 +3979,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3996,7 +4013,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -4024,12 +4041,14 @@ spec:
 description: "diskURI is the URI of data disk in the blob storage"
 type: "string"
 fsType:
+ default: "ext4"
 description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified."
 type: "string"
 kind:
 description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared"
 type: "string"
 readOnly:
+ default: false
 description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts."
 type: "boolean"
 required:
@@ -4075,7 +4094,7 @@ spec:
 properties:
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 type: "object"
 x-kubernetes-map-type: "atomic"
@@ -4099,7 +4118,7 @@ spec:
 properties:
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 type: "object"
 x-kubernetes-map-type: "atomic"
@@ -4139,7 +4158,7 @@ spec:
 x-kubernetes-list-type: "atomic"
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 optional:
 description: "optional specify whether the ConfigMap or its keys must be defined"
@@ -4160,7 +4179,7 @@ spec:
 properties:
 name:
 default: ""
- description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896."
+ description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
 type: "string"
 type: "object"
 x-kubernetes-map-type: "atomic"
@@ -4248,10 +4267,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4377,7 +4396,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4394,7 +4413,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4438,7 +4457,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4459,7 +4478,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4506,7 +4525,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4517,6 +4536,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4527,7 +4556,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4536,6 +4565,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4556,7 +4586,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4634,12 +4664,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4715,7 +4745,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4802,7 +4832,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4858,12 +4888,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4873,6 +4904,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4883,11 +4915,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4898,6 +4931,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4914,7 +4948,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4922,6 +4956,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4987,7 +5022,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -5163,7 +5198,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." 
@@ -5185,7 +5220,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. 
For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: 
@@ -5195,7 +5230,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -5228,7 +5263,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" 
@@ -5239,10 +5274,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." 
@@ -5336,7 +5371,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." + description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. 
Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." type: "string" type: "object" type: "object" 
@@ -5436,7 +5471,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -5461,7 +5496,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -5488,7 +5523,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -5555,7 +5590,7 @@ spec: description: "TLS defines options for configuring TLS on the transport layer." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the CA certificate\nand private key for generating node certificates.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The CA certificate in PEM format.\n- `ca.key`: The private key for the CA certificate in PEM format." + description: "Certificate is a reference to a Kubernetes secret that contains the CA certificate\nand private key for generating node certificates.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The CA certificate in PEM format.\n- `ca.key`: The private key for the CA certificate in PEM format." properties: secretName: description: "SecretName is the name of the secret." diff --git a/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1beta1/elasticsearches.yaml b/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1beta1/elasticsearches.yaml index aed2f6953..92627916f 100644 --- a/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1beta1/elasticsearches.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/elasticsearch.k8s.elastic.co/v1beta1/elasticsearches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "elasticsearches.elasticsearch.k8s.elastic.co" spec: group: "elasticsearch.k8s.elastic.co" 
@@ -87,7 +87,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -112,7 +112,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -139,7 +139,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -206,7 +206,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -465,13 +465,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -570,13 +570,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -674,13 +674,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -779,13 +779,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -881,7 +881,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -931,7 +931,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -958,7 +958,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -973,7 +973,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1172,7 +1172,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1310,7 +1311,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1410,13 +1412,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1486,7 +1491,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1525,7 +1530,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1572,7 +1577,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1703,7 +1709,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1767,7 +1773,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1803,7 +1809,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1853,7 +1859,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1880,7 +1886,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1895,7 +1901,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2094,7 +2100,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2232,7 +2239,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2332,13 +2340,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2408,7 +2419,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2447,7 +2458,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2494,7 +2505,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2580,7 +2592,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2628,7 +2640,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2697,7 +2709,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2744,7 +2756,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2794,7 +2806,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2821,7 +2833,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2836,7 +2848,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3035,7 +3047,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3173,7 +3186,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3273,13 +3287,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3349,7 +3366,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3388,7 +3405,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3435,7 +3452,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3566,7 +3584,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3593,7 +3611,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3602,7 +3620,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3643,23 +3661,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3677,7 +3691,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3707,7 +3721,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3747,18 +3761,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3875,7 +3892,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3885,14 +3902,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3919,7 +3936,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3947,12 +3964,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3998,7 +4017,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4022,7 +4041,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4062,7 +4081,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4083,7 +4102,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4171,10 +4190,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4300,7 +4319,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4317,7 +4336,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4361,7 +4380,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4382,7 +4401,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4429,7 +4448,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4440,6 +4459,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4450,7 +4479,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4459,6 +4488,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4479,7 +4509,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4557,12 +4587,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4638,7 +4668,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4725,7 +4755,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4781,12 +4811,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4796,6 +4827,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4806,11 +4838,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4821,6 +4854,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4837,7 +4871,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4845,6 +4879,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4910,7 +4945,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -5085,7 +5120,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." 
@@ -5107,7 +5142,7 @@ spec: additionalProperties: description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. 
For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: 
@@ -5117,7 +5152,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. 
Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -5150,7 +5185,7 @@ spec: status: type: "string" type: - description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + description: "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"" type: "string" required: - "status" 
@@ -5161,10 +5196,10 @@ spec: - "type" x-kubernetes-list-type: "map" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default)." properties: status: description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." 
@@ -5259,7 +5294,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." + description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. 
Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." type: "string" type: "object" type: "object" diff --git a/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1/enterprisesearches.yaml b/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1/enterprisesearches.yaml index e8a810eaf..05fe99529 100644 --- a/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1/enterprisesearches.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1/enterprisesearches.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "enterprisesearches.enterprisesearch.k8s.elastic.co" spec: group: "enterprisesearch.k8s.elastic.co" 
@@ -115,7 +115,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -140,7 +140,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -167,7 +167,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -234,7 +234,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -475,13 +475,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -580,13 +580,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -684,13 +684,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -789,13 +789,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -891,7 +891,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -941,7 +941,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -968,7 +968,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -983,7 +983,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1182,7 +1182,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1320,7 +1321,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1420,13 +1422,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1496,7 +1501,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1535,7 +1540,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1582,7 +1587,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1713,7 +1719,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1777,7 +1783,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1813,7 +1819,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1863,7 +1869,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1890,7 +1896,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1905,7 +1911,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2104,7 +2110,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2242,7 +2249,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2342,13 +2350,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2418,7 +2429,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2457,7 +2468,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2504,7 +2515,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2590,7 +2602,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2638,7 +2650,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2707,7 +2719,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2754,7 +2766,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2804,7 +2816,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2831,7 +2843,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2846,7 +2858,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3045,7 +3057,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3183,7 +3196,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3283,13 +3297,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3359,7 +3376,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3398,7 +3415,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3445,7 +3462,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3576,7 +3594,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3603,7 +3621,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3612,7 +3630,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3653,23 +3671,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3687,7 +3701,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3717,7 +3731,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3757,18 +3771,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3885,7 +3902,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3895,14 +3912,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3929,7 +3946,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3957,12 +3974,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4008,7 +4027,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4032,7 +4051,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4072,7 +4091,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4093,7 +4112,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4181,10 +4200,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4310,7 +4329,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4327,7 +4346,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4371,7 +4390,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4392,7 +4411,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4439,7 +4458,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4450,6 +4469,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4460,7 +4489,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4469,6 +4498,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4489,7 +4519,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4567,12 +4597,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4648,7 +4678,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4735,7 +4765,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4791,12 +4821,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4806,6 +4837,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4816,11 +4848,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4831,6 +4864,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4847,7 +4881,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4855,6 +4889,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4920,7 +4955,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1beta1/enterprisesearches.yaml b/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1beta1/enterprisesearches.yaml index 9de6ff5fb..01f7dd996 100644 --- a/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1beta1/enterprisesearches.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/enterprisesearch.k8s.elastic.co/v1beta1/enterprisesearches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "enterprisesearches.enterprisesearch.k8s.elastic.co" spec: group: "enterprisesearch.k8s.elastic.co" 
@@ -115,7 +115,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -140,7 +140,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -167,7 +167,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -234,7 +234,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -475,13 +475,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -580,13 +580,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -684,13 +684,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -789,13 +789,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -891,7 +891,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -941,7 +941,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -968,7 +968,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -983,7 +983,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1182,7 +1182,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1320,7 +1321,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1420,13 +1422,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1496,7 +1501,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1535,7 +1540,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1582,7 +1587,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1713,7 +1719,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1777,7 +1783,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1813,7 +1819,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1863,7 +1869,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1890,7 +1896,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1905,7 +1911,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2104,7 +2110,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2242,7 +2249,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2342,13 +2350,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2418,7 +2429,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2457,7 +2468,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2504,7 +2515,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2590,7 +2602,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2638,7 +2650,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2707,7 +2719,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2754,7 +2766,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2804,7 +2816,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2831,7 +2843,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2846,7 +2858,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3045,7 +3057,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3183,7 +3196,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3283,13 +3297,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3359,7 +3376,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3398,7 +3415,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3445,7 +3462,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3576,7 +3594,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3603,7 +3621,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3612,7 +3630,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3653,23 +3671,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3687,7 +3701,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3717,7 +3731,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3757,18 +3771,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3885,7 +3902,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3895,14 +3912,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3929,7 +3946,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3957,12 +3974,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4008,7 +4027,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4032,7 +4051,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4072,7 +4091,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4093,7 +4112,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4181,10 +4200,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4310,7 +4329,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4327,7 +4346,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4371,7 +4390,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4392,7 +4411,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4439,7 +4458,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4450,6 +4469,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4460,7 +4489,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4469,6 +4498,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4489,7 +4519,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4567,12 +4597,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4648,7 +4678,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4735,7 +4765,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4791,12 +4821,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4806,6 +4837,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4816,11 +4848,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4831,6 +4864,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4847,7 +4881,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4855,6 +4889,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4920,7 +4955,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1/kibanas.yaml b/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1/kibanas.yaml index a3ed85489..3c5491ba4 100644 --- a/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1/kibanas.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1/kibanas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "kibanas.kibana.k8s.elastic.co" spec: group: "kibana.k8s.elastic.co" 
@@ -124,7 +124,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -149,7 +149,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -176,7 +176,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -243,7 +243,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -534,13 +534,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -639,13 +639,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -743,13 +743,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -848,13 +848,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -950,7 +950,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1000,7 +1000,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -1027,7 +1027,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1042,7 +1042,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1241,7 +1241,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1379,7 +1380,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1479,13 +1481,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1555,7 +1560,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1594,7 +1599,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1641,7 +1646,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1772,7 +1778,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1836,7 +1842,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1872,7 +1878,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1922,7 +1928,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1949,7 +1955,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1964,7 +1970,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2163,7 +2169,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2301,7 +2308,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2401,13 +2409,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2477,7 +2488,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2516,7 +2527,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2563,7 +2574,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2649,7 +2661,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2697,7 +2709,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2766,7 +2778,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2813,7 +2825,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2863,7 +2875,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2890,7 +2902,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2905,7 +2917,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3104,7 +3116,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3242,7 +3255,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3342,13 +3356,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3418,7 +3435,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3457,7 +3474,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3504,7 +3521,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3635,7 +3653,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3662,7 +3680,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3671,7 +3689,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3712,23 +3730,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3746,7 +3760,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3776,7 +3790,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3816,18 +3830,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3944,7 +3961,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3954,14 +3971,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3988,7 +4005,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -4016,12 +4033,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4067,7 +4086,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4091,7 +4110,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4131,7 +4150,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4152,7 +4171,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4240,10 +4259,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4369,7 +4388,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4386,7 +4405,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4430,7 +4449,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4451,7 +4470,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4498,7 +4517,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4509,6 +4528,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4519,7 +4548,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4528,6 +4557,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4548,7 +4578,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4626,12 +4656,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4707,7 +4737,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4794,7 +4824,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4850,12 +4880,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4865,6 +4896,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4875,11 +4907,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4890,6 +4923,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4906,7 +4940,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4914,6 +4948,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4979,7 +5014,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1beta1/kibanas.yaml b/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1beta1/kibanas.yaml index 476f33da9..416bbf29c 100644 --- a/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1beta1/kibanas.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/kibana.k8s.elastic.co/v1beta1/kibanas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "kibanas.kibana.k8s.elastic.co" spec: group: "kibana.k8s.elastic.co" 
@@ -104,7 +104,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -129,7 +129,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -156,7 +156,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -223,7 +223,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -464,13 +464,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -569,13 +569,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -673,13 +673,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -778,13 +778,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -880,7 +880,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -930,7 +930,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -957,7 +957,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -972,7 +972,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1171,7 +1171,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1309,7 +1310,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1409,13 +1411,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1485,7 +1490,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1524,7 +1529,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1571,7 +1576,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1702,7 +1708,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1766,7 +1772,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1802,7 +1808,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1852,7 +1858,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1879,7 +1885,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1894,7 +1900,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2093,7 +2099,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2231,7 +2238,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2331,13 +2339,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2407,7 +2418,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2446,7 +2457,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2493,7 +2504,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2579,7 +2591,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2627,7 +2639,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2696,7 +2708,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2743,7 +2755,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2793,7 +2805,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2820,7 +2832,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2835,7 +2847,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3034,7 +3046,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3172,7 +3185,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3272,13 +3286,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3348,7 +3365,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3387,7 +3404,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3434,7 +3451,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3565,7 +3583,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3592,7 +3610,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3601,7 +3619,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3642,23 +3660,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3676,7 +3690,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3706,7 +3720,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3746,18 +3760,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3874,7 +3891,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3884,14 +3901,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3918,7 +3935,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3946,12 +3963,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3997,7 +4016,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4021,7 +4040,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4061,7 +4080,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4082,7 +4101,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4170,10 +4189,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4299,7 +4318,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4316,7 +4335,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4360,7 +4379,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4381,7 +4400,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4428,7 +4447,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -4439,6 +4458,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
@@ -4449,7 +4478,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4458,6 +4487,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4478,7 +4508,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4556,12 +4586,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4637,7 +4667,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4724,7 +4754,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4780,12 +4810,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4795,6 +4826,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4805,11 +4837,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4820,6 +4853,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -4836,7 +4870,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4844,6 +4878,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4909,7 +4944,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/elastic/cloud-on-k8s/maps.k8s.elastic.co/v1alpha1/elasticmapsservers.yaml b/crd-catalog/elastic/cloud-on-k8s/maps.k8s.elastic.co/v1alpha1/elasticmapsservers.yaml index 3108c7fa4..d92801f52 100644 --- a/crd-catalog/elastic/cloud-on-k8s/maps.k8s.elastic.co/v1alpha1/elasticmapsservers.yaml +++ b/crd-catalog/elastic/cloud-on-k8s/maps.k8s.elastic.co/v1alpha1/elasticmapsservers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "elasticmapsservers.maps.k8s.elastic.co" spec: group: "maps.k8s.elastic.co" 
@@ -115,7 +115,7 @@ spec: description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. 
Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. 
If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" 
@@ -140,7 +140,7 @@ spec: description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. 
This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" 
@@ -167,7 +167,7 @@ spec: description: "ServicePort contains information on service's port." properties: appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." 
type: "string" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." @@ -234,7 +234,7 @@ spec: description: "TLS defines options for configuring TLS for HTTP." properties: certificate: - description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.\nThe referenced secret should contain the following:\n\n- `ca.crt`: The certificate authority (optional).\n- `tls.crt`: The certificate (or a chain).\n- `tls.key`: The private key to the first certificate in the certificate chain." properties: secretName: description: "SecretName is the name of the secret." 
@@ -475,13 +475,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -580,13 +580,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -684,13 +684,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -789,13 +789,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" 
@@ -891,7 +891,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -941,7 +941,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -968,7 +968,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -983,7 +983,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" 
@@ -1182,7 +1182,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1320,7 +1321,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1420,13 +1422,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -1496,7 +1501,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -1535,7 +1540,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1582,7 +1587,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -1713,7 +1719,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -1777,7 +1783,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1813,7 +1819,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -1863,7 +1869,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1890,7 +1896,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -1905,7 +1911,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2104,7 +2110,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2242,7 +2249,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2342,13 +2350,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -2418,7 +2429,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -2457,7 +2468,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2504,7 +2515,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -2590,7 +2602,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. 
The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." 
@@ -2638,7 +2650,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -2707,7 +2719,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2754,7 +2766,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -2804,7 +2816,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2831,7 +2843,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" 
@@ -2846,7 +2858,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3045,7 +3057,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3183,7 +3196,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3283,13 +3297,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -3359,7 +3376,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." 
@@ -3398,7 +3415,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3445,7 +3462,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" 
@@ -3576,7 +3594,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -3603,7 +3621,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: 
@@ -3612,7 +3630,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- 
spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" 
@@ -3653,23 +3671,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. 
When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" 
@@ -3687,7 +3701,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: 
@@ -3717,7 +3731,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: 
@@ -3757,18 +3771,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). 
If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: 
@@ -3885,7 +3902,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" 
@@ -3895,14 +3912,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." 
+ description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. 
Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3929,7 +3946,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -3957,12 +3974,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4008,7 +4027,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4032,7 +4051,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4072,7 +4091,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4093,7 +4112,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4181,10 +4200,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -4310,7 +4329,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4327,7 +4346,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -4371,7 +4390,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4392,7 +4411,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -4439,7 +4458,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
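Review bot: After this change the `hostPath` description says nothing about restricting its use. The removed TODO was the only text in it that mentioned who may mount host directories, or mount them read/write. The schema itself puts no constraint on `path` in the lines shown, so any restriction has to come from admission policy on the pods the operator creates, presumably outside this file. If the catalog may diverge from upstream text, I would append one sentence to the description, for example `Restrict this field through admission policy and prefer read-only volume mounts.` The file header for this CRD is outside the visible chunk.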
@@ -4450,6 +4469,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
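Review bot: The `reference` description in the added `image` volume opens with "Required:" and ends with "This field is optional", and the block has no `required` list, so an empty `image: {}` passes schema validation. `pullPolicy` names three values in prose but has no `enum`; if the consuming controller accepts nothing else, `enum: ["Always", "IfNotPresent", "Never"]` would reject typos at admission. The description also states that the volume is re-resolved on pod recreation, so a tag-based reference can mount different content after a restart. Adding `Prefer a digest-pinned reference so the mounted content cannot change between pod restarts.` to the `reference` description would cover that.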
@@ -4460,7 +4489,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4469,6 +4498,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -4489,7 +4519,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -4567,12 +4597,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4648,7 +4678,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -4735,7 +4765,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -4791,12 +4821,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4806,6 +4837,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -4816,11 +4848,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4831,6 +4864,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
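Review bot: `default: "admin"` on the rbd `user` field turns a documented fallback into a schema default, as does `default: "/etc/ceph/keyring"` on `keyring` in the preceding hunk. With structural defaulting, these values are presumably written into every object that omits the field. That makes the Ceph admin identity the persisted default rather than an implementation detail, which works against least privilege for anyone who copies a minimal manifest. The description could say so, for example `Default is admin; prefer a dedicated Ceph user scoped to the pool in use.` The enclosing `rbd` properties block continues outside these hunks.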
@@ -4847,7 +4881,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4855,6 +4889,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -4920,7 +4955,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml index 53024a97a..26661ef54 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml @@ -5468,8 +5468,6 @@ spec: type: "string" type: "object" type: "object" - required: - - "host" type: "object" smbConnection: properties: @@ -5477,7 +5475,6 @@ spec: description: "ConnectionName of the connection. It'll be used to populate the connection fields." type: "string" domain: - description: "Domain..." type: "string" password: properties: @@ -5523,6 +5520,8 @@ spec: port: description: "Port on which smb server is running. Defaults to 445" type: "integer" + share: + type: "string" username: properties: name: 
diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml index dc01d7ad0..a6080f4eb 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml @@ -331,6 +331,11 @@ spec: timeAsTable: description: "By default when the Lua script is invoked, the record timestamp is passed as a\nFloating number which might lead to loss precision when the data is converted back.\nIf you desire timestamp precision enabling this option will pass the timestamp as\na Lua table with keys sec for seconds since epoch and nsec for nanoseconds." type: "boolean" + typeArrayKey: + description: "If these keys are matched, the fields are handled as array. If more than\none key, delimit by space. It is useful the array can be empty." + items: + type: "string" + type: "array" typeIntKey: description: "If these keys are matched, the fields are converted to integer.\nIf more than one key, delimit by space.\nNote that starting from Fluent Bit v1.6 integer data types are preserved\nand not converted to double as in previous versions." items: 
@@ -636,6 +641,39 @@ spec: format: "int64" type: "integer" type: "object" + wasm: + description: "Wasm defines a Wasm configuration." + properties: + accessiblePaths: + description: "Specify the whitelist of paths to be able to access paths from WASM programs." + items: + type: "string" + type: "array" + alias: + description: "Alias for the plugin" + type: "string" + eventFormat: + description: "Define event format to interact with Wasm programs: msgpack or json. Default: json" + type: "string" + functionName: + description: "Wasm function name that will be triggered to do filtering. It's assumed that the function is built inside the Wasm program specified above." + type: "string" + retryLimit: + description: "RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1." + pattern: "^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$" + type: "string" + wasmHeapSize: + description: "Size of the heap size of Wasm execution. Review unit sizes for allowed values." + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + wasmPath: + description: "Path to the built Wasm program that will be used. This can be a relative path against the main configuration file." + type: "string" + wasmStackSize: + description: "Size of the stack size of Wasm execution. Review unit sizes for allowed values." + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + type: "object" type: "object" type: "array" logLevel: diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml index 4814ffb2c..016266fe9 100644 
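Review bot: `accessiblePaths` and `wasmPath` in the new `wasm` block are plain strings with no `pattern` or item bound, so the schema accepts any path, while the description calls the first one the list of paths a Wasm program may access. Anyone allowed to create or edit this resource therefore chooses both the program that is loaded and the paths it can reach; how the operator mounts or restricts those paths is not visible in this hunk. I would state that in the field text, e.g. `description: "Paths the Wasm program is allowed to access; keep this list to the directories the filter needs."`, and limit write access to the resource through RBAC or an admission policy. `retryLimit` is described in terms of sending data to an output although it sits on a filter, which looks carried over from the output schema and should be confirmed. The same block is added in the `filters.yaml` hunk `@@ -636,6 +641,39 @@`.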
--- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml @@ -331,6 +331,11 @@ spec: timeAsTable: description: "By default when the Lua script is invoked, the record timestamp is passed as a\nFloating number which might lead to loss precision when the data is converted back.\nIf you desire timestamp precision enabling this option will pass the timestamp as\na Lua table with keys sec for seconds since epoch and nsec for nanoseconds." type: "boolean" + typeArrayKey: + description: "If these keys are matched, the fields are handled as array. If more than\none key, delimit by space. It is useful the array can be empty." + items: + type: "string" + type: "array" typeIntKey: description: "If these keys are matched, the fields are converted to integer.\nIf more than one key, delimit by space.\nNote that starting from Fluent Bit v1.6 integer data types are preserved\nand not converted to double as in previous versions." items: 
@@ -636,6 +641,39 @@ spec: format: "int64" type: "integer" type: "object" + wasm: + description: "Wasm defines a Wasm configuration." + properties: + accessiblePaths: + description: "Specify the whitelist of paths to be able to access paths from WASM programs." + items: + type: "string" + type: "array" + alias: + description: "Alias for the plugin" + type: "string" + eventFormat: + description: "Define event format to interact with Wasm programs: msgpack or json. Default: json" + type: "string" + functionName: + description: "Wasm function name that will be triggered to do filtering. It's assumed that the function is built inside the Wasm program specified above." + type: "string" + retryLimit: + description: "RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1." + pattern: "^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$" + type: "string" + wasmHeapSize: + description: "Size of the heap size of Wasm execution. Review unit sizes for allowed values." + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + wasmPath: + description: "Path to the built Wasm program that will be used. This can be a relative path against the main configuration file." + type: "string" + wasmStackSize: + description: "Size of the stack size of Wasm execution. Review unit sizes for allowed values." + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + type: "object" type: "object" type: "array" logLevel: diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/buckets.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/buckets.yaml new file mode 100644 index 000000000..4eb6975f9 --- /dev/null 
+++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/buckets.yaml 
@@ -0,0 +1,264 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "v0.16.1" + name: "buckets.source.toolkit.fluxcd.io" +spec: + group: "source.toolkit.fluxcd.io" + names: + kind: "Bucket" + listKind: "BucketList" + plural: "buckets" + singular: "bucket" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - jsonPath: ".spec.endpoint" + name: "Endpoint" + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + name: "Ready" + type: "string" + - jsonPath: ".status.conditions[?(@.type==\"Ready\")].message" + name: "Status" + type: "string" + name: "v1" + schema: + openAPIV3Schema: + description: "Bucket is the Schema for the buckets API." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "BucketSpec specifies the required configuration to produce an Artifact for\nan object storage bucket." + properties: + bucketName: + description: "BucketName is the name of the object storage bucket." 
+ type: "string" + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nbucket. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `generic` provider." + properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" + endpoint: + description: "Endpoint is the object storage address the BucketName is located at." + type: "string" + ignore: + description: "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are." + type: "string" + insecure: + description: "Insecure allows connecting to a non-TLS HTTP Endpoint." + type: "boolean" + interval: + description: "Interval at which the Bucket Endpoint is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources." + pattern: "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + type: "string" + prefix: + description: "Prefix to use for server-side filtering of files in the Bucket." + type: "string" + provider: + default: "generic" + description: "Provider of the object storage bucket.\nDefaults to 'generic', which expects an S3 (API) compatible object\nstorage." + enum: + - "generic" + - "aws" + - "gcp" + - "azure" + type: "string" + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy configuration\nto use while communicating with the Bucket server." 
+ properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" + region: + description: "Region of the Endpoint where the BucketName is located in." + type: "string" + secretRef: + description: "SecretRef specifies the Secret containing authentication credentials\nfor the Bucket." + properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" + sts: + description: "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\nThis field is only supported for the `aws` and `generic` providers." + properties: + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nSTS endpoint. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `ldap` provider." + properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" + endpoint: + description: "Endpoint is the HTTP/S endpoint of the Security Token Service from\nwhere temporary credentials will be fetched." + pattern: "^(http|https)://.*$" + type: "string" + provider: + description: "Provider of the Security Token Service." + enum: + - "aws" + - "ldap" + type: "string" + secretRef: + description: "SecretRef specifies the Secret containing authentication credentials\nfor the STS endpoint. This Secret must contain the fields `username`\nand `password` and is supported only for the `ldap` provider." 
+ properties: + name: + description: "Name of the referent." + type: "string" + required: + - "name" + type: "object" + required: + - "endpoint" + - "provider" + type: "object" + suspend: + description: "Suspend tells the controller to suspend the reconciliation of this\nBucket." + type: "boolean" + timeout: + default: "60s" + description: "Timeout for fetch operations, defaults to 60s." + pattern: "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" + type: "string" + required: + - "bucketName" + - "endpoint" + - "interval" + type: "object" + x-kubernetes-validations: + - message: "STS configuration is only supported for the 'aws' and 'generic' Bucket providers" + rule: "self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)" + - message: "'aws' is the only supported STS provider for the 'aws' Bucket provider" + rule: "self.provider != 'aws' || !has(self.sts) || self.sts.provider == 'aws'" + - message: "'ldap' is the only supported STS provider for the 'generic' Bucket provider" + rule: "self.provider != 'generic' || !has(self.sts) || self.sts.provider == 'ldap'" + - message: "spec.sts.secretRef is not required for the 'aws' STS provider" + rule: "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.secretRef)" + - message: "spec.sts.certSecretRef is not required for the 'aws' STS provider" + rule: "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.certSecretRef)" + status: + default: + observedGeneration: -1 + description: "BucketStatus records the observed state of a Bucket." + properties: + artifact: + description: "Artifact represents the last successful Bucket reconciliation." + properties: + digest: + description: "Digest is the digest of the file in the form of ':'." + pattern: "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" + type: "string" + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact." 
+ format: "date-time" + type: "string" + metadata: + additionalProperties: + type: "string" + description: "Metadata holds upstream information such as OCI annotations." + type: "object" + path: + description: "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source." + type: "string" + revision: + description: "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc." + type: "string" + size: + description: "Size is the number of bytes in the file." + format: "int64" + type: "integer" + url: + description: "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents." + type: "string" + required: + - "lastUpdateTime" + - "path" + - "revision" + - "url" + type: "object" + conditions: + description: "Conditions holds the conditions for the Bucket." + items: + description: "Condition contains details for one aspect of the current state of this API Resource." + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." 
+ maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase." + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected." + type: "string" + observedGeneration: + description: "ObservedGeneration is the last observed generation of the Bucket object." + format: "int64" + type: "integer" + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used for constructing\nthe source artifact." 
+ type: "string" + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact data is recommended." + type: "string" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/gitrepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/gitrepositories.yaml index 228fc316d..232c64f4b 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/gitrepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/gitrepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "gitrepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
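Review bot: `spec.sts.endpoint` is validated with `pattern: "^(http|https)://.*$"`, so a plaintext `http://` Security Token Service address passes the schema, although the description says temporary credentials are fetched from it and, for the `ldap` provider, `secretRef` holds a `username` and `password`. If plaintext is not meant to be supported the pattern should be `pattern: "^https://.*$"`; if it is, the description should say that the credentials then travel unencrypted. `spec.insecure` likewise permits a non-TLS bucket endpoint, so an admission policy that denies `insecure: true` and `http://` STS endpoints is worth having on clusters that install this CRD. Separately, the `digest` description reads `in the form of ':'`; the placeholder names appear to have been lost and should be restored as `<algorithm>:<checksum>`, which is what the field's `pattern` describes.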
@@ -94,10 +94,10 @@ spec: description: "Branch to check out, defaults to 'master' if no other field is defined." type: "string" commit: - description: "Commit SHA to check out, takes precedence over all reference fields.\n\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist." + description: "Commit SHA to check out, takes precedence over all reference fields.\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist." type: "string" name: - description: "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" + description: "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" type: "string" semver: description: "SemVer tag expression to check out, takes precedence over Tag." @@ -132,7 +132,7 @@ spec: properties: mode: default: "HEAD" - description: "Mode specifies which Git object(s) should be verified.\n\n\nThe variants \"head\" and \"HEAD\" both imply the same thing, i.e. verify\nthe commit that the HEAD of the Git repository points to. The variant\n\"head\" solely exists to ensure backwards compatibility." + description: "Mode specifies which Git object(s) should be verified.\n\nThe variants \"head\" and \"HEAD\" both imply the same thing, i.e. verify\nthe commit that the HEAD of the Git repository points to. The variant\n\"head\" solely exists to ensure backwards compatibility." enum: - "head" - "HEAD" 
@@ -198,7 +198,7 @@ spec: conditions: description: "Conditions holds the conditions for the GitRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -227,7 +227,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmcharts.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmcharts.yaml index 005c157c5..397ae50ab 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmcharts.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmcharts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "helmcharts.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" @@ -188,7 +188,7 @@ spec: conditions: description: "Conditions holds the conditions for the HelmChart." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
@@ -217,7 +217,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmrepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmrepositories.yaml index c0c51fcce..5379d325b 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmrepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/helmrepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "helmrepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
@@ -63,7 +63,7 @@ spec: - "namespaceSelectors" type: "object" certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`." + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`." properties: name: description: "Name of the referent." 
@@ -162,7 +162,7 @@ spec: conditions: description: "Conditions holds the conditions for the HelmRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -191,7 +191,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/buckets.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/buckets.yaml index 1031f621e..741511b10 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/buckets.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/buckets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "buckets.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" @@ -27,7 +27,7 @@ spec: name: "Age" type: "date" deprecated: true - deprecationWarning: "v1beta1 Bucket is deprecated, upgrade to v1beta2" + deprecationWarning: "v1beta1 Bucket is deprecated, upgrade to v1" name: "v1beta1" schema: openAPIV3Schema: 
@@ -134,13 +134,14 @@ spec: description: "URL is the HTTP address of this artifact." type: "string" required: + - "lastUpdateTime" - "path" - "url" type: "object" conditions: description: "Conditions holds the conditions for the Bucket." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -169,7 +170,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/gitrepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/gitrepositories.yaml index ee5be6e63..df0653bfd 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/gitrepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/gitrepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "gitrepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
@@ -189,13 +189,14 @@ spec: description: "URL is the HTTP address of this artifact." type: "string" required: + - "lastUpdateTime" - "path" - "url" type: "object" conditions: description: "Conditions holds the conditions for the GitRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -224,7 +225,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
@@ -258,6 +259,7 @@ spec: description: "URL is the HTTP address of this artifact." type: "string" required: + - "lastUpdateTime" - "path" - "url" type: "object" diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmcharts.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmcharts.yaml index 001edec83..65c29b7ef 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmcharts.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmcharts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "helmcharts.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
@@ -151,13 +151,14 @@ spec: description: "URL is the HTTP address of this artifact." type: "string" required: + - "lastUpdateTime" - "path" - "url" type: "object" conditions: description: "Conditions holds the conditions for the HelmChart." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -186,7 +187,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmrepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmrepositories.yaml index dc956d984..33877ebec 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmrepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta1/helmrepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "helmrepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
@@ -118,13 +118,14 @@ spec: description: "URL is the HTTP address of this artifact." type: "string" required: + - "lastUpdateTime" - "path" - "url" type: "object" conditions: description: "Conditions holds the conditions for the HelmRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -153,7 +154,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml index 637888f8a..6d4ad6c6a 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/buckets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "buckets.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" @@ -26,6 +26,8 @@ spec: - jsonPath: ".status.conditions[?(@.type==\"Ready\")].message" name: "Status" type: "string" + deprecated: true + deprecationWarning: "v1beta2 Bucket is deprecated, upgrade to v1" name: "v1beta2" schema: openAPIV3Schema: 
@@ -64,7 +66,7 @@ spec: description: "BucketName is the name of the object storage bucket." type: "string" certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\n\nand whichever are supplied, will be used for connecting to the\nbucket. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\n\nThis field is only supported for the `generic` provider." + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nbucket. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `generic` provider." properties: name: description: "Name of the referent." 
@@ -119,10 +121,10 @@ spec: - "name" type: "object" sts: - description: "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\n\nThis field is only supported for the `aws` and `generic` providers." + description: "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\nThis field is only supported for the `aws` and `generic` providers." properties: certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\n\nand whichever are supplied, will be used for connecting to the\nSTS endpoint. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\n\nThis field is only supported for the `ldap` provider." + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nSTS endpoint. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `ldap` provider." properties: name: description: "Name of the referent." 
@@ -220,7 +222,7 @@ spec: conditions: description: "Conditions holds the conditions for the Bucket." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -249,7 +251,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -277,6 +279,6 @@ spec: type: "object" type: "object" served: true - storage: true + storage: false subresources: status: {} 
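Review bot: The last hunk on this line flips v1beta2 to `storage: false` while keeping `served: true`, and nothing in this file section shows which version now carries `storage: true`. Presumably that is the v1 definition kept in a separate file; this is worth confirming, because a CRD needs exactly one storage version. Bucket objects already persisted as v1beta2 keep that encoding until they are rewritten, so `status.storedVersions` will go on listing v1beta2 until a storage migration has run. The `deprecationWarning` added in the earlier buckets.yaml hunk tells clients to upgrade but does not mention that step, so the change description should record it.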
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/gitrepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/gitrepositories.yaml index 2566c93c1..f22d81f77 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/gitrepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/gitrepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "gitrepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" @@ -112,10 +112,10 @@ spec: description: "Branch to check out, defaults to 'master' if no other field is defined." type: "string" commit: - description: "Commit SHA to check out, takes precedence over all reference fields.\n\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist." + description: "Commit SHA to check out, takes precedence over all reference fields.\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist." type: "string" name: - description: "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" + description: "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" type: "string" semver: description: "SemVer tag expression to check out, takes precedence over Tag." 
@@ -213,7 +213,7 @@ spec: conditions: description: "Conditions holds the conditions for the GitRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -242,7 +242,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
@@ -255,7 +255,7 @@ spec: type: "object" type: "array" contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations related to\nthe content of the source artifact:\n - .spec.ignore\n - .spec.recurseSubmodules\n - .spec.included and the checksum of the included artifacts\nobserved in .status.observedGeneration version of the object. This can\nbe used to determine if the content of the included repository has\nchanged.\nIt has the format of `:`, for example: `sha256:`.\n\n\nDeprecated: Replaced with explicit fields for observed artifact content\nconfig in the status." + description: "ContentConfigChecksum is a checksum of all the configurations related to\nthe content of the source artifact:\n - .spec.ignore\n - .spec.recurseSubmodules\n - .spec.included and the checksum of the included artifacts\nobserved in .status.observedGeneration version of the object. This can\nbe used to determine if the content of the included repository has\nchanged.\nIt has the format of `:`, for example: `sha256:`.\n\nDeprecated: Replaced with explicit fields for observed artifact content\nconfig in the status." type: "string" includedArtifacts: description: "IncludedArtifacts contains a list of the last successfully included\nArtifacts as instructed by GitRepositorySpec.Include." diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmcharts.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmcharts.yaml index 8b3f10366..8c9d4ba9c 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmcharts.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmcharts.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "helmcharts.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" @@ -211,7 +211,7 @@ spec: conditions: description: "Conditions holds the conditions for the HelmChart." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
@@ -240,7 +240,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmrepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmrepositories.yaml index f67c27807..6589e3092 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmrepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/helmrepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "helmrepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
@@ -65,7 +65,7 @@ spec: - "namespaceSelectors" type: "object" certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`." + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`." properties: name: description: "Name of the referent." 
@@ -164,7 +164,7 @@ spec: conditions: description: "Conditions holds the conditions for the HelmRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -193,7 +193,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
diff --git a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/ocirepositories.yaml b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/ocirepositories.yaml index 3d24347e6..0097b3fbc 100644 --- a/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/ocirepositories.yaml +++ b/crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1beta2/ocirepositories.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ocirepositories.source.toolkit.fluxcd.io" spec: group: "source.toolkit.fluxcd.io" 
@@ -45,7 +45,7 @@ spec: description: "OCIRepositorySpec defines the desired state of OCIRepository" properties: certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\n\nNote: Support for the `caFile`, `certFile` and `keyFile` keys have\nbeen deprecated." + description: "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nNote: Support for the `caFile`, `certFile` and `keyFile` keys have\nbeen deprecated." properties: name: description: "Name of the referent." 
@@ -219,7 +219,7 @@ spec: conditions: description: "Conditions holds the conditions for the OCIRepository." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -248,7 +248,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
@@ -261,7 +261,7 @@ spec: type: "object" type: "array" contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations related to\nthe content of the source artifact:\n - .spec.ignore\n - .spec.layerSelector\nobserved in .status.observedGeneration version of the object. This can\nbe used to determine if the content configuration has changed and the\nartifact needs to be rebuilt.\nIt has the format of `:`, for example: `sha256:`.\n\n\nDeprecated: Replaced with explicit fields for observed artifact content\nconfig in the status." + description: "ContentConfigChecksum is a checksum of all the configurations related to\nthe content of the source artifact:\n - .spec.ignore\n - .spec.layerSelector\nobserved in .status.observedGeneration version of the object. This can\nbe used to determine if the content configuration has changed and the\nartifact needs to be rebuilt.\nIt has the format of `:`, for example: `sha256:`.\n\nDeprecated: Replaced with explicit fields for observed artifact content\nconfig in the status." type: "string" lastHandledReconcileAt: description: "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected." diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml index 5b8ad3c5a..8850bf2ea 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml 
@@ -283,6 +283,35 @@ spec: x-kubernetes-preserve-unknown-fields: true description: "SuggestedLabels is a set of labels that resources should set when using this token to enroll themselves in the cluster. Currently, only node-join scripts create a configuration according to the suggestion." type: "object" + terraform_cloud: + description: "TerraformCloud allows the configuration of options specific to the \"terraform_cloud\" join method." + nullable: true + properties: + allow: + description: "Allow is a list of Rules, nodes using this token must match one allow rule to use this token." + items: + properties: + organization_id: + type: "string" + organization_name: + type: "string" + project_id: + type: "string" + project_name: + type: "string" + run_phase: + type: "string" + workspace_id: + type: "string" + workspace_name: + type: "string" + type: "object" + nullable: true + type: "array" + audience: + description: "Audience is the JWT audience as configured in the TFC_WORKLOAD_IDENTITY_AUDIENCE(_$TAG) variable in Terraform Cloud. If unset, defaults to the Teleport cluster name. For example, if `TFC_WORKLOAD_IDENTITY_AUDIENCE_TELEPORT=foo` is set in Terraform Cloud, this value should be `foo`. If the variable is set to match the cluster name, it does not need to be set here." + type: "string" + type: "object" tpm: description: "TPM allows the configuration of options specific to the \"tpm\" join method." nullable: true diff --git a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflowplatforms.yaml b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflowplatforms.yaml index 3c246e383..55e3202c6 100644 --- a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflowplatforms.yaml +++ b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflowplatforms.yaml 
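Review bot: Every field of an `allow` rule under `terraform_cloud` is an optional string, and the item schema has neither `required` nor `minProperties`, so an empty rule `{}` passes schema validation. Whether the server rejects such a rule cannot be seen from this hunk. These rules decide which Terraform Cloud workloads may join with the token, so adding `minProperties: 1` to the item schema would stop an empty rule at admission time rather than relying on a later check. The seven rule fields (`organization_id` through `workspace_name`) also have no `description`, unlike `audience`; a one-line description each, stating what the field is matched against, would help operators write narrow rules.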
@@ -424,8 +424,11 @@ spec: type: "boolean" persistence: description: "Persists service to a datasource of choice. Ephemeral by default." - maxProperties: 1 + maxProperties: 2 properties: + migrateDBOnStartUp: + description: "Whether to migrate database on service startup?" + type: "boolean" postgresql: description: "Connect configured services to a postgresql database." maxProperties: 2 @@ -473,6 +476,8 @@ spec: required: - "secretRef" type: "object" + required: + - "migrateDBOnStartUp" type: "object" podTemplate: description: "PodTemplate describes the deployment details of this platform service instance." @@ -4733,8 +4738,11 @@ spec: type: "boolean" persistence: description: "Persists service to a datasource of choice. Ephemeral by default." - maxProperties: 1 + maxProperties: 2 properties: + migrateDBOnStartUp: + description: "Whether to migrate database on service startup?" + type: "boolean" postgresql: description: "Connect configured services to a postgresql database." maxProperties: 2 @@ -4782,6 +4790,8 @@ spec: required: - "secretRef" type: "object" + required: + - "migrateDBOnStartUp" type: "object" podTemplate: description: "PodTemplate describes the deployment details of this platform service instance." diff --git a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml index bba813cf3..6180474e8 100644 --- a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml +++ b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml 
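Review bot: `migrateDBOnStartUp` is added to `required` on `persistence` in the second and fourth hunks on this line, and again in the sonataflows.yaml hunk at -1602. A resource that sets only `persistence.postgresql` is therefore rejected by the new schema when it is next created or updated. Leaving the field out of `required` and giving it a default (presumably `default: false`) would keep existing manifests valid. The description `Whether to migrate database on service startup?` does not say what is migrated. If startup migration alters the schema, the account behind `secretRef` presumably needs schema-altering rights, which is worth stating so operators can scope that credential.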
@@ -1553,8 +1553,11 @@ spec: type: "object" persistence: description: "Persistence defines the database persistence configuration for the workflow" - maxProperties: 1 + maxProperties: 2 properties: + migrateDBOnStartUp: + description: "Whether to migrate database on service startup?" + type: "boolean" postgresql: description: "Connect configured services to a postgresql database." maxProperties: 2 @@ -1602,6 +1605,8 @@ spec: required: - "secretRef" type: "object" + required: + - "migrateDBOnStartUp" type: "object" podTemplate: description: "PodTemplate describes the deployment details of this SonataFlow instance." diff --git a/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml b/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml index a4705d8b4..db6abee06 100644 --- a/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml +++ b/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml @@ -32,13 +32,13 @@ spec: excludeRef: description: "ExcludeRef define the resource to exclude from the sleep." items: - description: "Common type to use for both IncludeRef and ExcludeRef to prevent duplication" + description: "Define a resource to filter, used to include or exclude resources from the sleep." properties: apiVersion: - description: "ApiVersion of the kubernetes resources.\nSupported api version is \"apps/v1\"." + description: "ApiVersion of the kubernetes resources." type: "string" kind: - description: "Kind of the kubernetes resources of the specific version.\nSupported kind are \"Deployment\" and \"CronJob\"." + description: "Kind of the kubernetes resources of the specific version." type: "string" matchLabels: additionalProperties: 
@@ -53,13 +53,13 @@ spec: includeRef: description: "IncludeRef define the resource to include from the sleep." items: - description: "Common type to use for both IncludeRef and ExcludeRef to prevent duplication" + description: "Define a resource to filter, used to include or exclude resources from the sleep." properties: apiVersion: - description: "ApiVersion of the kubernetes resources.\nSupported api version is \"apps/v1\"." + description: "ApiVersion of the kubernetes resources." type: "string" kind: - description: "Kind of the kubernetes resources of the specific version.\nSupported kind are \"Deployment\" and \"CronJob\"." + description: "Kind of the kubernetes resources of the specific version." type: "string" matchLabels: additionalProperties: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml index 12c828bcd..7f403b027 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml index bde222ff4..c50cdfa56 100644 
--- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml index 06644359b..07377e5d7 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsimages.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml index 1c3b7f89f..9372a321b 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml 
+++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -85,7 +85,8 @@ spec: description: "ImageRef is an optional reference to a provider-specific resource that holds\nthe details for provisioning the Image for a Cluster." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml index 680208442..42c91574b 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -55,7 +55,8 @@ spec: description: "ImageRef is an optional reference to a provider-specific resource that holds\nthe details for provisioning the Image for a Cluster." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml index 7dee87a1a..56825a99a 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmvpcclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml index bfe27eb6a..4516cc6d0 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmvpcmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml index 1767cd1e9..38b857b6b 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml index 117a34657..42d55d796 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -129,12 +129,26 @@ spec: items: description: "AdditionalListenerSpec defines the desired state of an\nadditional listener on an VPC load balancer." properties: + defaultPoolName: + description: "defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" port: description: "Port sets the port for the additional listener." format: "int64" maximum: 65535.0 minimum: 1.0 type: "integer" + protocol: + description: "protocol defines the protocol to use for the VPC Load Balancer Listener.\nWill default to TCP protocol if not specified." + enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" required: - "port" type: "object" 
@@ -142,6 +156,82 @@ spec: x-kubernetes-list-map-keys: - "port" x-kubernetes-list-type: "map" + backendPools: + description: "backendPools defines the load balancer's backend pools." + items: + description: "VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool." + properties: + algorithm: + description: "algorithm defines the load balancing algorithm to use." + enum: + - "least_connections" + - "round_robin" + - "weighted_round_robin" + type: "string" + healthMonitor: + description: "healthMonitor defines the backend pool's health monitor." + properties: + delay: + description: "delay defines the seconds to wait between health checks." + format: "int64" + maximum: 60.0 + minimum: 2.0 + type: "integer" + port: + description: "port defines the port to perform health monitoring on." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + retries: + description: "retries defines the max retries for health check." + format: "int64" + maximum: 10.0 + minimum: 1.0 + type: "integer" + timeout: + description: "timeout defines the seconds to wait for a health check response." + format: "int64" + maximum: 59.0 + minimum: 1.0 + type: "integer" + type: + description: "type defines the protocol used for health checks." + enum: + - "http" + - "https" + - "tcp" + type: "string" + urlPath: + description: "urlPath defines the URL to use for health monitoring." + pattern: "^\\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\\/?]|%[a-fA-F0-9]{2})*)?$" + type: "string" + required: + - "delay" + - "retries" + - "timeout" + - "type" + type: "object" + name: + description: "name defines the name of the Backend Pool." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" + protocol: + description: "protocol defines the protocol to use for the Backend Pool." 
+ enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" + required: + - "algorithm" + - "healthMonitor" + - "protocol" + type: "object" + type: "array" id: description: "id of the loadbalancer" maxLength: 64 @@ -158,6 +248,42 @@ spec: default: true description: "public indicates that load balancer is public or private" type: "boolean" + securityGroups: + description: "securityGroups defines the Security Groups to attach to the load balancer.\nSecurity Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" + subnets: + description: "subnets defines the VPC Subnets to attach to the load balancer.\nSubnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" type: "object" type: "array" network: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml index 61262e259..521c436cf 100644 
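Review bot: The query part of the `urlPath` pattern under `healthMonitor` is written `(\\\\?(`, which after YAML unescaping is the regex `\\?`, an optional literal backslash, not `\?`, a literal question mark. A `?` still matches only because the following character class contains it, and the pattern additionally admits a backslash in the health-check URL. If a literal `?` was intended, the YAML string should read `(\\?(`. Separately, `name` is missing from the item's `required` list although `defaultPoolName` on the listener refers to a pool by name. The same lines appear in `@@ -148,6 +162,82 @@` of `ibmpowervsclustertemplates.yaml` and `@@ -75,6 +89,82 @@` of `ibmvpcclusters.yaml`.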
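Review bot: The item rule on `securityGroups` and `subnets`, `has(self.id) || has(self.name)`, accepts an entry that sets both fields, and nothing visible says which one is used if they point at different resources. For a security-group attachment that ambiguity is worth closing. I would either make the rule exclusive, `has(self.id) != has(self.name)`, or add `If both are set, id takes precedence.` to the item description once the controller behaviour is confirmed. The `subnets` description also has a typo, `defiens` for `defined`. The same lines appear in `@@ -164,6 +254,42 @@` of `ibmpowervsclustertemplates.yaml` and `@@ -91,7 +181,88 @@` of `ibmvpcclusters.yaml`.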
--- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -135,12 +135,26 @@ spec: items: description: "AdditionalListenerSpec defines the desired state of an\nadditional listener on an VPC load balancer." properties: + defaultPoolName: + description: "defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" port: description: "Port sets the port for the additional listener." format: "int64" maximum: 65535.0 minimum: 1.0 type: "integer" + protocol: + description: "protocol defines the protocol to use for the VPC Load Balancer Listener.\nWill default to TCP protocol if not specified." + enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" required: - "port" type: "object" 
@@ -148,6 +162,82 @@ spec: x-kubernetes-list-map-keys: - "port" x-kubernetes-list-type: "map" + backendPools: + description: "backendPools defines the load balancer's backend pools." + items: + description: "VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool." + properties: + algorithm: + description: "algorithm defines the load balancing algorithm to use." + enum: + - "least_connections" + - "round_robin" + - "weighted_round_robin" + type: "string" + healthMonitor: + description: "healthMonitor defines the backend pool's health monitor." + properties: + delay: + description: "delay defines the seconds to wait between health checks." + format: "int64" + maximum: 60.0 + minimum: 2.0 + type: "integer" + port: + description: "port defines the port to perform health monitoring on." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + retries: + description: "retries defines the max retries for health check." + format: "int64" + maximum: 10.0 + minimum: 1.0 + type: "integer" + timeout: + description: "timeout defines the seconds to wait for a health check response." + format: "int64" + maximum: 59.0 + minimum: 1.0 + type: "integer" + type: + description: "type defines the protocol used for health checks." + enum: + - "http" + - "https" + - "tcp" + type: "string" + urlPath: + description: "urlPath defines the URL to use for health monitoring." + pattern: "^\\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\\/?]|%[a-fA-F0-9]{2})*)?$" + type: "string" + required: + - "delay" + - "retries" + - "timeout" + - "type" + type: "object" + name: + description: "name defines the name of the Backend Pool." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" + protocol: + description: "protocol defines the protocol to use for the Backend Pool." 
+ enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" + required: + - "algorithm" + - "healthMonitor" + - "protocol" + type: "object" + type: "array" id: description: "id of the loadbalancer" maxLength: 64 @@ -164,6 +254,42 @@ spec: default: true description: "public indicates that load balancer is public or private" type: "boolean" + securityGroups: + description: "securityGroups defines the Security Groups to attach to the load balancer.\nSecurity Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" + subnets: + description: "subnets defines the VPC Subnets to attach to the load balancer.\nSubnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" type: "object" type: "array" network: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml index e63e467a9..06a7bbc32 100644 
--- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsimages.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml index deee3123b..03f7f7728 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" 
@@ -85,7 +85,8 @@ spec: description: "ImageRef is an optional reference to a provider-specific resource that holds\nthe details for provisioning the Image for a Cluster." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml index cf798543e..01de7630f 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" 
@@ -55,7 +55,8 @@ spec: description: "ImageRef is an optional reference to a provider-specific resource that holds\nthe details for provisioning the Image for a Cluster." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml index f154e9ddb..d359df8ce 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmvpcclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" 
@@ -55,19 +55,33 @@ spec: - "port" type: "object" controlPlaneLoadBalancer: - description: "ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior." + description: "ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior.\nUse this for legacy support, use Network.LoadBalancers for the extended VPC support." properties: additionalListeners: description: "AdditionalListeners sets the additional listeners for the control plane load balancer." items: description: "AdditionalListenerSpec defines the desired state of an\nadditional listener on an VPC load balancer." properties: + defaultPoolName: + description: "defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" port: description: "Port sets the port for the additional listener." format: "int64" maximum: 65535.0 minimum: 1.0 type: "integer" + protocol: + description: "protocol defines the protocol to use for the VPC Load Balancer Listener.\nWill default to TCP protocol if not specified." + enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" required: - "port" type: "object" 
@@ -75,6 +89,82 @@ spec: x-kubernetes-list-map-keys: - "port" x-kubernetes-list-type: "map" + backendPools: + description: "backendPools defines the load balancer's backend pools." + items: + description: "VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool." + properties: + algorithm: + description: "algorithm defines the load balancing algorithm to use." + enum: + - "least_connections" + - "round_robin" + - "weighted_round_robin" + type: "string" + healthMonitor: + description: "healthMonitor defines the backend pool's health monitor." + properties: + delay: + description: "delay defines the seconds to wait between health checks." + format: "int64" + maximum: 60.0 + minimum: 2.0 + type: "integer" + port: + description: "port defines the port to perform health monitoring on." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + retries: + description: "retries defines the max retries for health check." + format: "int64" + maximum: 10.0 + minimum: 1.0 + type: "integer" + timeout: + description: "timeout defines the seconds to wait for a health check response." + format: "int64" + maximum: 59.0 + minimum: 1.0 + type: "integer" + type: + description: "type defines the protocol used for health checks." + enum: + - "http" + - "https" + - "tcp" + type: "string" + urlPath: + description: "urlPath defines the URL to use for health monitoring." + pattern: "^\\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\\/?]|%[a-fA-F0-9]{2})*)?$" + type: "string" + required: + - "delay" + - "retries" + - "timeout" + - "type" + type: "object" + name: + description: "name defines the name of the Backend Pool." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" + protocol: + description: "protocol defines the protocol to use for the Backend Pool." 
+ enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" + required: + - "algorithm" + - "healthMonitor" + - "protocol" + type: "object" + type: "array" id: description: "id of the loadbalancer" maxLength: 64 
@@ -91,7 +181,88 @@ spec: default: true description: "public indicates that load balancer is public or private" type: "boolean" + securityGroups: + description: "securityGroups defines the Security Groups to attach to the load balancer.\nSecurity Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" + subnets: + description: "subnets defines the VPC Subnets to attach to the load balancer.\nSubnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" + type: "object" + image: + description: "image represents the Image details used for the cluster." + properties: + cosBucket: + description: "cosBucket is the name of the IBM Cloud COS Bucket containing the source of the image, if necessary." + type: "string" + cosBucketRegion: + description: "cosBucketRegion is the COS region the bucket is in." + type: "string" + cosInstance: + description: "cosInstance is the name of the IBM Cloud COS Instance containing the source of the image, if necessary." 
+ type: "string" + cosObject: + description: "cosObject is the name of a IBM Cloud COS Object used as the source of the image, if necessary." + type: "string" + crn: + description: "crn is the IBM Cloud CRN of the existing VPC Custom Image." + type: "string" + name: + description: "name is the name of the desired VPC Custom Image." + maxLength: 63 + minLength: 1 + pattern: "'/^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$/'" + type: "string" + operatingSystem: + description: "operatingSystem is the Custom Image's Operating System name." + type: "string" + resourceGroup: + description: "resourceGroup is the Resource Group to create the Custom Image in." + properties: + id: + description: "id defines the IBM Cloud Resource ID." + type: "string" + name: + description: "name defines the IBM Cloud Resource Name." + type: "string" + required: + - "id" + type: "object" type: "object" + x-kubernetes-validations: + - message: "if any of cosInstance, cosBucket, or cosObject are specified, all must be specified" + rule: "(!has(self.cosInstance) && !has(self.cosBucket) && !has(self.cosObject)) || (has(self.cosInstance) && has(self.cosBucket) && has(self.cosObject))" + - message: "an existing image name or crn must be provided, or to create a new image the cos resources must be provided, with or without a name" + rule: "has(self.name) || has(self.crn) || (has(self.cosInstance) && has(self.cosBucket) && has(self.cosObject))" network: description: "network represents the VPC network to use for the cluster." properties: 
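Review bot: The new `image.name` field carries `pattern: "'/^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$/'"`, so the quote and slash delimiters are part of the regex itself. With `'/` ahead of the `^` anchor the expression cannot match any value, so an object that sets `image.name` would be rejected at admission. That leaves the `has(self.name)` branch of the CEL rule at the end of this hunk unusable in practice. The other name fields in this diff use `pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$"`, which looks like the intended form. The file is generated, so the marker in the upstream Go type is the place to change it.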
@@ -116,9 +287,410 @@ spec: type: "string" type: "object" type: "array" + loadBalancers: + description: "loadBalancers is a set of VPC Load Balancer definitions to use for the cluster." + items: + description: "VPCLoadBalancerSpec defines the desired state of an VPC load balancer." + properties: + additionalListeners: + description: "AdditionalListeners sets the additional listeners for the control plane load balancer." + items: + description: "AdditionalListenerSpec defines the desired state of an\nadditional listener on an VPC load balancer." + properties: + defaultPoolName: + description: "defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" + port: + description: "Port sets the port for the additional listener." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + protocol: + description: "protocol defines the protocol to use for the VPC Load Balancer Listener.\nWill default to TCP protocol if not specified." + enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" + required: + - "port" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "port" + x-kubernetes-list-type: "map" + backendPools: + description: "backendPools defines the load balancer's backend pools." + items: + description: "VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool." + properties: + algorithm: + description: "algorithm defines the load balancing algorithm to use." + enum: + - "least_connections" + - "round_robin" + - "weighted_round_robin" + type: "string" + healthMonitor: + description: "healthMonitor defines the backend pool's health monitor." + properties: + delay: + description: "delay defines the seconds to wait between health checks." 
+ format: "int64" + maximum: 60.0 + minimum: 2.0 + type: "integer" + port: + description: "port defines the port to perform health monitoring on." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + retries: + description: "retries defines the max retries for health check." + format: "int64" + maximum: 10.0 + minimum: 1.0 + type: "integer" + timeout: + description: "timeout defines the seconds to wait for a health check response." + format: "int64" + maximum: 59.0 + minimum: 1.0 + type: "integer" + type: + description: "type defines the protocol used for health checks." + enum: + - "http" + - "https" + - "tcp" + type: "string" + urlPath: + description: "urlPath defines the URL to use for health monitoring." + pattern: "^\\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\\/?]|%[a-fA-F0-9]{2})*)?$" + type: "string" + required: + - "delay" + - "retries" + - "timeout" + - "type" + type: "object" + name: + description: "name defines the name of the Backend Pool." + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" + protocol: + description: "protocol defines the protocol to use for the Backend Pool." + enum: + - "http" + - "https" + - "tcp" + - "udp" + type: "string" + required: + - "algorithm" + - "healthMonitor" + - "protocol" + type: "object" + type: "array" + id: + description: "id of the loadbalancer" + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" + type: "string" + name: + description: "Name sets the name of the VPC load balancer." 
+ maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" + type: "string" + public: + default: true + description: "public indicates that load balancer is public or private" + type: "boolean" + securityGroups: + description: "securityGroups defines the Security Groups to attach to the load balancer.\nSecurity Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" + subnets: + description: "subnets defines the VPC Subnets to attach to the load balancer.\nSubnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer)." + items: + description: "VPCResource represents a VPC resource." + properties: + id: + description: "id of the resource." + minLength: 1 + type: "string" + name: + description: "name of the resource." + minLength: 1 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "an id or name must be provided" + rule: "has(self.id) || has(self.name)" + type: "array" + type: "object" + type: "array" resourceGroup: - description: "resourceGroup is the name of the Resource Group containing all of the newtork resources.\nThis can be different than the Resource Group containing the remaining cluster resources." - type: "string" + description: "resourceGroup is the Resource Group containing all of the newtork resources.\nThis can be different than the Resource Group containing the remaining cluster resources." 
+ properties: + id: + description: "id defines the IBM Cloud Resource ID." + type: "string" + name: + description: "name defines the IBM Cloud Resource Name." + type: "string" + required: + - "id" + type: "object" + securityGroups: + description: "securityGroups is a set of VPCSecurityGroup's which define the VPC Security Groups that manage traffic within and out of the VPC." + items: + description: "VPCSecurityGroup defines a VPC Security Group that should exist or be created within the specified VPC, with the specified Security Group Rules." + properties: + id: + description: "id of the Security Group." + type: "string" + name: + description: "name of the Security Group." + type: "string" + rules: + description: "rules are the Security Group Rules for the Security Group." + items: + description: "VPCSecurityGroupRule defines a VPC Security Group Rule for a specified Security Group." + properties: + action: + description: "action defines whether to allow or deny traffic defined by the Security Group Rule." + enum: + - "allow" + - "deny" + type: "string" + destination: + description: "destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule.\nOnly used when direction is VPCSecurityGroupRuleDirectionOutbound." + properties: + icmpCode: + description: "icmpCode is the ICMP code for the Rule.\nOnly used when Protocol is VPCSecurityGroupRuleProtocolIcmp." + format: "int64" + type: "integer" + icmpType: + description: "icmpType is the ICMP type for the Rule.\nOnly used when Protocol is VPCSecurityGroupRuleProtocolIcmp." + format: "int64" + type: "integer" + portRange: + description: "portRange is a range of ports allowed for the Rule's remote." + properties: + maximumPort: + description: "maximumPort is the inclusive upper range of ports." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + minimumPort: + description: "minimumPort is the inclusive lower range of ports." 
+ format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + type: "object" + x-kubernetes-validations: + - message: "maximum port must be greater than or equal to minimum port" + rule: "self.maximumPort >= self.minimumPort" + protocol: + description: "protocol defines the traffic protocol used for the Security Group Rule." + enum: + - "all" + - "icmp" + - "tcp" + - "udp" + type: "string" + remotes: + description: "remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote.\nSpecifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc.\nThis allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc." + items: + description: "VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details.\nThe type of remote defines the additional remote details where are used for defining the remote." + properties: + address: + description: " address is the address to use for the remote's destination/source.\nOnly used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress." + type: "string" + cidrSubnetName: + description: "cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source.\nOnly used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR." + type: "string" + remoteType: + description: "remoteType defines the type of filter to define for the remote's destination/source." 
+ enum: + - "any" + - "cidr" + - "address" + - "sg" + type: "string" + securityGroupName: + description: "securityGroupName is the name of the VPC Security Group to use for the remote's destination/source.\nOnly used when remoteType is VPCSecurityGroupRuleRemoteTypeSG" + type: "string" + required: + - "remoteType" + type: "object" + x-kubernetes-validations: + - message: "cidrSubnetName, addresss, and securityGroupName are not valid for VPCSecurityGroupRuleRemoteTypeAny remoteType" + rule: "self.remoteType == 'any' ? (!has(self.cidrSubnetName) && !has(self.address) && !has(self.securityGroupName)) : true" + - message: "only cidrSubnetName is valid for VPCSecurityGroupRuleRemoteTypeCIDR remoteType" + rule: "self.remoteType == 'cidr' ? (has(self.cidrSubnetName) && !has(self.address) && !has(self.securityGroupName)) : true" + - message: "only address is valid for VPCSecurityGroupRuleRemoteTypeIP remoteType" + rule: "self.remoteType == 'address' ? (has(self.address) && !has(self.cidrSubnetName) && !has(self.securityGroupName)) : true" + - message: "only securityGroupName is valid for VPCSecurityGroupRuleRemoteTypeSG remoteType" + rule: "self.remoteType == 'sg' ? (has(self.securityGroupName) && !has(self.cidrSubnetName) && !has(self.address)) : true" + type: "array" + required: + - "protocol" + - "remotes" + type: "object" + x-kubernetes-validations: + - message: "icmpCode and icmpType are only supported for VPCSecurityGroupRuleProtocolIcmp protocol" + rule: "self.protocol != 'icmp' ? (!has(self.icmpCode) && !has(self.icmpType)) : true" + - message: "portRange is not valid for VPCSecurityGroupRuleProtocolAll protocol" + rule: "self.protocol == 'all' ? !has(self.portRange) : true" + - message: "portRange is not valid for VPCSecurityGroupRuleProtocolIcmp protocol" + rule: "self.protocol == 'icmp' ? !has(self.portRange) : true" + direction: + description: "direction defines whether the traffic is inbound or outbound for the Security Group Rule." 
+ enum: + - "inbound" + - "outbound" + type: "string" + securityGroupID: + description: "securityGroupID is the ID of the Security Group for the Security Group Rule." + type: "string" + source: + description: "source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule.\nOnly used when direction is VPCSecurityGroupRuleDirectionInbound." + properties: + icmpCode: + description: "icmpCode is the ICMP code for the Rule.\nOnly used when Protocol is VPCSecurityGroupRuleProtocolIcmp." + format: "int64" + type: "integer" + icmpType: + description: "icmpType is the ICMP type for the Rule.\nOnly used when Protocol is VPCSecurityGroupRuleProtocolIcmp." + format: "int64" + type: "integer" + portRange: + description: "portRange is a range of ports allowed for the Rule's remote." + properties: + maximumPort: + description: "maximumPort is the inclusive upper range of ports." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + minimumPort: + description: "minimumPort is the inclusive lower range of ports." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + type: "object" + x-kubernetes-validations: + - message: "maximum port must be greater than or equal to minimum port" + rule: "self.maximumPort >= self.minimumPort" + protocol: + description: "protocol defines the traffic protocol used for the Security Group Rule." + enum: + - "all" + - "icmp" + - "tcp" + - "udp" + type: "string" + remotes: + description: "remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote.\nSpecifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc.\nThis allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc." 
+ items: + description: "VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details.\nThe type of remote defines the additional remote details where are used for defining the remote." + properties: + address: + description: " address is the address to use for the remote's destination/source.\nOnly used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress." + type: "string" + cidrSubnetName: + description: "cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source.\nOnly used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR." + type: "string" + remoteType: + description: "remoteType defines the type of filter to define for the remote's destination/source." + enum: + - "any" + - "cidr" + - "address" + - "sg" + type: "string" + securityGroupName: + description: "securityGroupName is the name of the VPC Security Group to use for the remote's destination/source.\nOnly used when remoteType is VPCSecurityGroupRuleRemoteTypeSG" + type: "string" + required: + - "remoteType" + type: "object" + x-kubernetes-validations: + - message: "cidrSubnetName, addresss, and securityGroupName are not valid for VPCSecurityGroupRuleRemoteTypeAny remoteType" + rule: "self.remoteType == 'any' ? (!has(self.cidrSubnetName) && !has(self.address) && !has(self.securityGroupName)) : true" + - message: "only cidrSubnetName is valid for VPCSecurityGroupRuleRemoteTypeCIDR remoteType" + rule: "self.remoteType == 'cidr' ? (has(self.cidrSubnetName) && !has(self.address) && !has(self.securityGroupName)) : true" + - message: "only address is valid for VPCSecurityGroupRuleRemoteTypeIP remoteType" + rule: "self.remoteType == 'address' ? (has(self.address) && !has(self.cidrSubnetName) && !has(self.securityGroupName)) : true" + - message: "only securityGroupName is valid for VPCSecurityGroupRuleRemoteTypeSG remoteType" + rule: "self.remoteType == 'sg' ? 
(has(self.securityGroupName) && !has(self.cidrSubnetName) && !has(self.address)) : true" + type: "array" + required: + - "protocol" + - "remotes" + type: "object" + x-kubernetes-validations: + - message: "icmpCode and icmpType are only supported for VPCSecurityGroupRuleProtocolIcmp protocol" + rule: "self.protocol != 'icmp' ? (!has(self.icmpCode) && !has(self.icmpType)) : true" + - message: "portRange is not valid for VPCSecurityGroupRuleProtocolAll protocol" + rule: "self.protocol == 'all' ? !has(self.portRange) : true" + - message: "portRange is not valid for VPCSecurityGroupRuleProtocolIcmp protocol" + rule: "self.protocol == 'icmp' ? !has(self.portRange) : true" + required: + - "action" + - "direction" + type: "object" + x-kubernetes-validations: + - message: "both destination and source cannot be provided" + rule: "(has(self.destination) && !has(self.source)) || (!has(self.destination) && has(self.source))" + - message: "source must be set for VPCSecurityGroupRuleDirectionInbound direction" + rule: "self.direction == 'inbound' ? has(self.source) : true" + - message: "destination is not valid for VPCSecurityGroupRuleDirectionInbound direction" + rule: "self.direction == 'inbound' ? !has(self.destination) : true" + - message: "destination must be set for VPCSecurityGroupRuleDirectionOutbound direction" + rule: "self.direction == 'outbound' ? has(self.destination) : true" + - message: "source is not valid for VPCSecurityGroupRuleDirectionOutbound direction" + rule: "self.direction == 'outbound' ? !has(self.source) : true" + type: "array" + tags: + description: "tags are tags to add to the Security Group." + items: + type: "string" + type: "array" + type: "object" + x-kubernetes-validations: + - message: "either an id or name must be specified" + rule: "has(self.id) || has(self.name)" + type: "array" vpc: description: "vpc defines the IBM Cloud VPC for extended VPC Infrastructure support." properties: 
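Review bot: The `portRange` rule `self.maximumPort >= self.minimumPort`, added under both `destination` and `source`, reads two fields that the schema leaves optional. A range with only one bound set therefore makes the CEL expression fail on the missing key instead of returning the stated message. Either list both bounds under `required` for `portRange`, or guard the rule as `!has(self.minimumPort) || !has(self.maximumPort) || self.maximumPort >= self.minimumPort`. Separately, the message `both destination and source cannot be provided` sits on an exclusive-or rule that also rejects a rule with neither, so it should say that exactly one is required. `portRange` is also optional for `tcp` and `udp`, so the description should state how an omitted range is treated (presumably all ports; confirm against the controller), since that decides how wide an `allow` rule with `remoteType: any` is.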
@@ -208,9 +780,83 @@ spec: controlPlaneLoadBalancerState: description: "ControlPlaneLoadBalancerState is the status of the load balancer." type: "string" + image: + description: "image is the status of the VPC Custom Image." + properties: + id: + description: "id defines the Id of the IBM Cloud resource status." + type: "string" + name: + description: "name defines the name of the IBM Cloud resource status." + type: "string" + ready: + description: "ready defines whether the IBM Cloud resource is ready." + type: "boolean" + required: + - "id" + - "ready" + type: "object" network: description: "network is the status of the VPC network resources for extended VPC Infrastructure support." properties: + controlPlaneSubnets: + additionalProperties: + description: "ResourceStatus identifies a resource by id (and name) and whether it is ready." + properties: + id: + description: "id defines the Id of the IBM Cloud resource status." + type: "string" + name: + description: "name defines the name of the IBM Cloud resource status." + type: "string" + ready: + description: "ready defines whether the IBM Cloud resource is ready." + type: "boolean" + required: + - "id" + - "ready" + type: "object" + description: "controlPlaneSubnets references the VPC Subnets for the cluster's Control Plane.\nThe map simplifies lookups." + type: "object" + loadBalancers: + additionalProperties: + description: "VPCLoadBalancerStatus defines the status VPC load balancer." + properties: + controllerCreated: + default: false + description: "controllerCreated indicates whether the resource is created by the controller." + type: "boolean" + hostname: + description: "hostname is the hostname of load balancer." + type: "string" + id: + description: "id of VPC load balancer." + type: "string" + state: + description: "State is the status of the load balancer." + type: "string" + type: "object" + description: "loadBalancers references the VPC Load Balancer's for the cluster.\nThe map simplifies lookups." 
+ type: "object" + publicGateways: + additionalProperties: + description: "ResourceStatus identifies a resource by id (and name) and whether it is ready." + properties: + id: + description: "id defines the Id of the IBM Cloud resource status." + type: "string" + name: + description: "name defines the name of the IBM Cloud resource status." + type: "string" + ready: + description: "ready defines whether the IBM Cloud resource is ready." + type: "boolean" + required: + - "id" + - "ready" + type: "object" + description: "publicGateways references the VPC Public Gateways for the cluster.\nThe map simplifies lookups." + type: "object" resourceGroup: description: "resourceGroup references the Resource Group for Network resources for the cluster.\nThis can be the same or unique from the cluster's Resource Group." properties: @@ -227,6 +873,25 @@ spec: - "id" - "ready" type: "object" + securityGroups: + additionalProperties: + description: "ResourceStatus identifies a resource by id (and name) and whether it is ready." + properties: + id: + description: "id defines the Id of the IBM Cloud resource status." + type: "string" + name: + description: "name defines the name of the IBM Cloud resource status." + type: "string" + ready: + description: "ready defines whether the IBM Cloud resource is ready." + type: "boolean" + required: + - "id" + - "ready" + type: "object" + description: "securityGroups references the VPC Security Groups for the cluster.\nThe map simplifies lookups." + type: "object" vpc: description: "vpc references the status of the IBM Cloud VPC as part of the extended VPC Infrastructure support." properties: 
@@ -243,6 +908,25 @@ spec: - "id" - "ready" type: "object" + workerSubnets: + additionalProperties: + description: "ResourceStatus identifies a resource by id (and name) and whether it is ready." + properties: + id: + description: "id defines the Id of the IBM Cloud resource status." + type: "string" + name: + description: "name defines the name of the IBM Cloud resource status." + type: "string" + ready: + description: "ready defines whether the IBM Cloud resource is ready." + type: "boolean" + required: + - "id" + - "ready" + type: "object" + description: "workerSubnets references the VPC Subnets for the cluster's Data Plane.\nThe map simplifies lookups." + type: "object" type: "object" ready: default: false @@ -283,7 +967,7 @@ spec: type: "string" type: "object" vpc: - description: "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster\nImportant: Run \"make\" to regenerate code after modifying this file\ndep: rely on Network instead." + description: "Important: Run \"make\" to regenerate code after modifying this file\ndep: rely on Network instead." properties: id: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml index f4b0a5980..a8a8614d4 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmvpcmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" 
diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml index 7475be08d..6574ad824 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api/addons.cluster.x-k8s.io/v1beta1/clusterresourcesets.yaml b/crd-catalog/kubernetes-sigs/cluster-api/addons.cluster.x-k8s.io/v1beta1/clusterresourcesets.yaml index dbe7f8299..eb684d485 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/addons.cluster.x-k8s.io/v1beta1/clusterresourcesets.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/addons.cluster.x-k8s.io/v1beta1/clusterresourcesets.yaml 
@@ -114,7 +114,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml index 03e4de314..74ed13af9 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusterclasses.yaml @@ -890,7 +890,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." 
diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml index 611547c6d..216d34e53 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml @@ -600,7 +600,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml index 4da6f72d8..6d70f9f3e 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml 
@@ -306,7 +306,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml index 18ef83e5d..167eaaa30 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml 
@@ -170,7 +170,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml index fd38bd62b..d76ba1332 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml @@ -215,7 +215,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." 
diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml index 8dea99f94..3ea450676 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml @@ -183,7 +183,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml index 5b2de7e3b..551553b93 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml 
@@ -246,7 +246,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1alpha1/ipaddressclaims.yaml b/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1alpha1/ipaddressclaims.yaml index 3b0e9bd78..8c51e029b 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1alpha1/ipaddressclaims.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1alpha1/ipaddressclaims.yaml 
@@ -89,7 +89,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1beta1/ipaddressclaims.yaml b/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1beta1/ipaddressclaims.yaml index 6738acd42..3bed28591 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1beta1/ipaddressclaims.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/ipam.cluster.x-k8s.io/v1beta1/ipaddressclaims.yaml 
@@ -92,7 +92,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/cluster-api/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs.yaml b/crd-catalog/kubernetes-sigs/cluster-api/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs.yaml index 407347423..b10fd79f2 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs.yaml 
@@ -126,7 +126,7 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml index 2fae541ff..fc4c8df18 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml 
@@ -202,7 +202,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -243,9 +243,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" responseHeaderModifier: description: "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" properties: 
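Review bot: The new `percent` and `fraction` fields under `requestMirror` only limit mirroring when the cluster's installed CRD serves them, and the added descriptions say that with neither field set 100% of requests are mirrored. If a client built from this catalog writes them to a cluster whose Gateway API CRD lacks them, they may be pruned or rejected depending on field validation. A pruned object would presumably copy every request to the `backendRef` instead of the intended sample. Because this file is a catalog copy, I would not edit the schema but record the requirement beside the generated type, e.g. `# percent/fraction need a Gateway API CRD that serves them; otherwise mirroring stays at 100%`. The same applies to the second `requestMirror` hunk in this file and to the matching hunks in v1/httproutes.yaml, v1alpha2/grpcroutes.yaml and v1beta1/httproutes.yaml; separately, the validation message names `HTTPRequestMirrorFilter` even in the GRPCRoute schemas, which may confuse whoever reads the rejection.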
@@ -478,7 +505,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -519,9 +546,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" responseHeaderModifier: description: "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" properties: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml index 3f580d950..264c59ca2 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml 
@@ -207,7 +207,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -248,9 +248,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" requestRedirect: description: "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" properties: 
@@ -598,7 +625,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -639,9 +666,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" requestRedirect: description: "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" properties: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml index 8cb35ffcc..f9453ea27 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml 
@@ -197,7 +197,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -238,9 +238,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" responseHeaderModifier: description: "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" properties: 
@@ -473,7 +500,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -514,9 +541,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" responseHeaderModifier: description: "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" properties: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml index e99a166cd..cfb0ac4ee 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml 
@@ -207,7 +207,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -248,9 +248,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" requestRedirect: description: "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" properties: 
@@ -598,7 +625,7 @@ spec: x-kubernetes-list-type: "map" type: "object" requestMirror: - description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended\n\n\n" properties: backendRef: description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" 
@@ -639,9 +666,36 @@ spec: x-kubernetes-validations: - message: "Must have port for Service reference" rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + fraction: + description: "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + properties: + denominator: + default: 100 + format: "int32" + minimum: 1.0 + type: "integer" + numerator: + format: "int32" + minimum: 0.0 + type: "integer" + required: + - "numerator" + type: "object" + x-kubernetes-validations: + - message: "numerator must be less than or equal to denominator" + rule: "self.numerator <= self.denominator" + percent: + description: "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.\n\n\n" + format: "int32" + maximum: 100.0 + minimum: 0.0 + type: "integer" required: - "backendRef" type: "object" + x-kubernetes-validations: + - message: "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter" + rule: "!(has(self.percent) && has(self.fraction))" requestRedirect: description: "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" properties: diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml index f9ee27377..df3629595 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "modules.kmm.sigs.x-k8s.io" spec: group: "kmm.sigs.x-k8s.io" @@ -66,7 +66,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" 
@@ -116,7 +116,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" 
@@ -140,13 +140,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" 
@@ -191,7 +194,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." 
@@ -218,7 +221,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 
@@ -246,12 +249,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -297,7 +302,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -321,7 +326,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -361,7 +366,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -382,7 +387,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -470,10 +475,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." 
+ description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. 
Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." 
@@ -582,7 +587,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -599,7 +604,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" 
@@ -643,7 +648,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -664,7 +669,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 
@@ -711,7 +716,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 
@@ -722,6 +727,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. 
Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: 
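Review bot: `pullPolicy` in the new `image` volume source is a bare `type: "string"`, so any value passes schema validation even though its description lists only Always, Never and IfNotPresent. A misspelled policy on a `modules.kmm.sigs.x-k8s.io` object would presumably surface only later, when the pod carrying the volume is created, which is harder to trace back to the custom resource. Adding `enum: ["Always", "IfNotPresent", "Never"]` under `pullPolicy` would reject it at admission; since the file carries a controller-gen annotation, the constraint belongs on the upstream type rather than in a hand edit here. Separately, the description says the volume is re-resolved on pod recreation, so it is worth documenting that a digest-pinned `reference` keeps the mounted content from changing under a mutable tag.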
@@ -732,7 +747,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -741,6 +756,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: 
@@ -761,7 +777,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -839,12 +855,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. 
If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -920,7 +936,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" 
@@ -1007,7 +1023,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" 
@@ -1063,12 +1079,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -1078,6 +1095,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: 
@@ -1088,11 +1106,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -1103,6 +1122,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: 
@@ -1119,7 +1139,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1127,6 +1147,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: 
@@ -1192,7 +1213,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1233,7 +1254,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -1275,7 +1296,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1293,7 +1314,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -1357,7 +1378,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1375,7 +1396,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -1423,7 +1444,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1437,7 +1458,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -1537,7 +1558,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1551,7 +1572,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml index c8be327e1..e2a4dee1c 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "nodemodulesconfigs.kmm.sigs.x-k8s.io" spec: group: "kmm.sigs.x-k8s.io" @@ -116,7 +116,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" 
@@ -222,7 +222,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/preflightvalidations.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/preflightvalidations.yaml index ccf99c208..52cb603d0 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/preflightvalidations.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/preflightvalidations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "preflightvalidations.kmm.sigs.x-k8s.io" spec: group: "kmm.sigs.x-k8s.io" @@ -77,6 +77,8 @@ spec: description: "CRStatuses contain observations about each Module's preflight upgradability validation" type: "object" type: "object" + required: + - "spec" type: "object" served: true storage: false 
diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta2/preflightvalidations.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta2/preflightvalidations.yaml index 21550afa7..8503fb8e0 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta2/preflightvalidations.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta2/preflightvalidations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "preflightvalidations.kmm.sigs.x-k8s.io" spec: group: "kmm.sigs.x-k8s.io" @@ -88,6 +88,8 @@ spec: - "name" x-kubernetes-list-type: "map" type: "object" + required: + - "spec" type: "object" served: true storage: true diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml index 37f4e5043..f4331ed57 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/clusterqueues.yaml 
@@ -231,7 +231,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "lendingLimit is the maximum amount of unused quota for the [flavor, resource]\ncombination that this ClusterQueue can lend to other ClusterQueues in the same cohort.\nIn total, at a given time, ClusterQueue reserves for its exclusive use\na quantity of quota equals to nominalQuota - lendingLimit.\nIf null, it means that there is no lending limit, meaning that\nall the nominalQuota can be borrowed by other clusterQueues in the cohort.\nIf not null, it must be non-negative.\nlendingLimit must be null if spec.cohort is empty.\nThis field is in alpha stage. To be able to use this field,\nenable the feature gate LendingLimit, which is disabled by default." + description: "lendingLimit is the maximum amount of unused quota for the [flavor, resource]\ncombination that this ClusterQueue can lend to other ClusterQueues in the same cohort.\nIn total, at a given time, ClusterQueue reserves for its exclusive use\na quantity of quota equals to nominalQuota - lendingLimit.\nIf null, it means that there is no lending limit, meaning that\nall the nominalQuota can be borrowed by other clusterQueues in the cohort.\nIf not null, it must be non-negative.\nlendingLimit must be null if spec.cohort is empty.\nThis field is in beta stage and is enabled by default." pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true name: diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml index 823995cf0..0c67b60b5 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml 
+++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml @@ -132,11 +132,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -166,11 +168,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -197,11 +201,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -261,11 +267,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -295,11 +303,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -326,11 +336,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -436,11 +448,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" 
@@ -470,11 +484,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -501,11 +517,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml index 5124fdf82..64a76915f 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml @@ -128,11 +128,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -162,11 +164,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -193,11 +197,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -256,11 +262,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" 
@@ -290,11 +298,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,11 +331,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -425,11 +437,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -459,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -490,11 +506,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/appliedworks.yaml b/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/appliedworks.yaml index 3cd04e7cc..3a24e2a42 100644 --- a/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/appliedworks.yaml +++ b/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/appliedworks.yaml 
@@ -14,13 +14,13 @@ spec: - name: "v1alpha1" schema: openAPIV3Schema: - description: "AppliedWork represents an applied work on managed cluster that is placed on a managed cluster. An appliedwork links to a work on a hub recording resources deployed in the managed cluster. When the agent is removed from managed cluster, cluster-admin on managed cluster can delete appliedwork to remove resources deployed by the agent. The name of the appliedwork must be the same as {work name} The namespace of the appliedwork should be the same as the resource applied on the managed cluster." + description: "AppliedWork represents an applied work on managed cluster that is placed\non a managed cluster. An appliedwork links to a work on a hub recording resources\ndeployed in the managed cluster.\nWhen the agent is removed from managed cluster, cluster-admin on managed cluster\ncan delete appliedwork to remove resources deployed by the agent.\nThe name of the appliedwork must be the same as {work name}\nThe namespace of the appliedwork should be the same as the resource applied on\nthe managed cluster." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" 
@@ -41,9 +41,9 @@ spec: description: "Status represents the current status of AppliedWork." properties: appliedResources: - description: "AppliedResources represents a list of resources defined within the Work that are applied. Only resources with valid GroupVersionResource, namespace, and name are suitable. An item in this slice is deleted when there is no mapped manifest in Work.Spec or by finalizer. The resource relating to the item will also be removed from managed cluster. The deleted resource may still be present until the finalizers for that resource are finished. However, the resource will not be undeleted, so it can be removed from this list and eventual consistency is preserved." + description: "AppliedResources represents a list of resources defined within the Work that are applied.\nOnly resources with valid GroupVersionResource, namespace, and name are suitable.\nAn item in this slice is deleted when there is no mapped manifest in Work.Spec or by finalizer.\nThe resource relating to the item will also be removed from managed cluster.\nThe deleted resource may still be present until the finalizers for that resource are finished.\nHowever, the resource will not be undeleted, so it can be removed from this list and eventual consistency is preserved." items: - description: "AppliedResourceMeta represents the group, version, resource, name and namespace of a resource. Since these resources have been created, they must have valid group, version, resource, namespace, and name." + description: "AppliedResourceMeta represents the group, version, resource, name and namespace of a resource.\nSince these resources have been created, they must have valid group, version, resource, namespace, and name." properties: group: description: "Group is the group of the resource." 
@@ -55,16 +55,16 @@ spec: description: "Name is the name of the resource" type: "string" namespace: - description: "Namespace is the namespace of the resource, the resource is cluster scoped if the value is empty" + description: "Namespace is the namespace of the resource, the resource is cluster scoped if the value\nis empty" type: "string" ordinal: - description: "Ordinal represents an index in manifests list, so the condition can still be linked to a manifest even thougth manifest cannot be parsed successfully." + description: "Ordinal represents an index in manifests list, so the condition can still be linked\nto a manifest even thougth manifest cannot be parsed successfully." type: "integer" resource: description: "Resource is the resource type of the resource" type: "string" uid: - description: "UID is set on successful deletion of the Kubernetes resource by controller. The resource might be still visible on the managed cluster after this field is set. It is not directly settable by a client." + description: "UID is set on successful deletion of the Kubernetes resource by controller. The\nresource might be still visible on the managed cluster after this field is set.\nIt is not directly settable by a client." type: "string" version: description: "Version is the version of the resource." diff --git a/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/works.yaml b/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/works.yaml index 5124c1064..87a8555f6 100644 --- a/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/works.yaml +++ b/crd-catalog/kubernetes-sigs/work-api/multicluster.x-k8s.io/v1alpha1/works.yaml 
@@ -16,10 +16,10 @@ spec: description: "Work is the Schema for the works API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" 
@@ -43,25 +43,25 @@ spec: description: "status defines the status of each applied manifest on the spoke cluster." properties: conditions: - description: "Conditions contains the different condition statuses for this work. Valid condition types are: 1. Applied represents workload in Work is applied successfully on the spoke cluster. 2. Progressing represents workload in Work in the trasitioning from one state to another the on the spoke cluster. 3. Available represents workload in Work exists on the spoke cluster. 4. Degraded represents the current state of workload does not match the desired state for a certain period." + description: "Conditions contains the different condition statuses for this work.\nValid condition types are:\n1. Applied represents workload in Work is applied successfully on the spoke cluster.\n2. Progressing represents workload in Work in the trasitioning from one state to another the on the spoke cluster.\n3. Available represents workload in Work exists on the spoke cluster.\n4. Degraded represents the current state of workload does not match the desired\nstate for a certain period." items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. 
For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." 
format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -74,7 +74,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
@@ -87,30 +87,30 @@ spec: type: "object" type: "array" manifestConditions: - description: "ManifestConditions represents the conditions of each resource in work deployed on spoke cluster." + description: "ManifestConditions represents the conditions of each resource in work deployed on\nspoke cluster." items: - description: "ManifestCondition represents the conditions of the resources deployed on spoke cluster" + description: "ManifestCondition represents the conditions of the resources deployed on\nspoke cluster" properties: conditions: description: "Conditions represents the conditions of this resource on spoke cluster" items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. 
For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." 
format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -123,7 +123,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" 
@@ -148,10 +148,10 @@ spec: description: "Name is the name of the resource" type: "string" namespace: - description: "Namespace is the namespace of the resource, the resource is cluster scoped if the value is empty" + description: "Namespace is the namespace of the resource, the resource is cluster scoped if the value\nis empty" type: "string" ordinal: - description: "Ordinal represents an index in manifests list, so the condition can still be linked to a manifest even thougth manifest cannot be parsed successfully." + description: "Ordinal represents an index in manifests list, so the condition can still be linked\nto a manifest even thougth manifest cannot be parsed successfully." type: "integer" resource: description: "Resource is the resource type of the resource" diff --git a/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/clusteroverridepolicies.yaml b/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/clusteroverridepolicies.yaml index 2fc9fdc73..a5983441d 100644 --- a/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/clusteroverridepolicies.yaml +++ b/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/clusteroverridepolicies.yaml 
@@ -107,6 +107,109 @@ spec: - "value" type: "object" type: "array" + envs: + description: "Envs specifies overriders that apply to the container envs." + items: + properties: + containerName: + description: "ContainerName targets the specified container or init container in the pod template." + type: "string" + operator: + description: "Operator specifies the operation. If omitted, defaults to \"overwrite\"." + enum: + - "addIfAbsent" + - "overwrite" + - "delete" + type: "string" + value: + description: "List of environment variables to set in the container." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" 
+ type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" 
+ type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + required: + - "containerName" + - "value" + type: "object" + type: "array" image: description: "Image specifies the overriders that apply to the image." items: diff --git a/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/overridepolicies.yaml b/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/overridepolicies.yaml index 6da8bbb29..014b7a3f0 100644 --- a/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/overridepolicies.yaml +++ b/crd-catalog/kubewharf/kubeadmiral/core.kubeadmiral.io/v1alpha1/overridepolicies.yaml 
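Review bot: In the new `envs` overrider of `clusteroverridepolicies.yaml`, the `operator` description promises a fallback to "overwrite" when the field is omitted, but the property has no `default:` key. As far as this schema shows, the fallback therefore lives only in the controller, and a stored object without `operator` does not say which operation applies; adding `default: "overwrite"` next to the `enum` would make the schema agree with its description. `value` is required for every operator, `delete` included, its list has no `minItems` or `x-kubernetes-list-type`, and the `envs` item itself has no `description`. Each entry accepts `valueFrom.secretKeyRef` and `configMapKeyRef`, so write access to these policies presumably lets the holder bind Secret or ConfigMap keys into the targeted container's environment; RBAC on this resource is worth scoping as tightly as write access to the pod template, and a sentence saying so in the `envs` description would help operators. The identical hunk in `overridepolicies.yaml` has the same gaps, and if these files are mirrored from the upstream CRDs the change belongs upstream rather than in this copy.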
@@ -107,6 +107,109 @@ spec: - "value" type: "object" type: "array" + envs: + description: "Envs specifies overriders that apply to the container envs." + items: + properties: + containerName: + description: "ContainerName targets the specified container or init container in the pod template." + type: "string" + operator: + description: "Operator specifies the operation. If omitted, defaults to \"overwrite\"." + enum: + - "addIfAbsent" + - "overwrite" + - "delete" + type: "string" + value: + description: "List of environment variables to set in the container." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" 
+ type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" 
+ type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + required: + - "containerName" + - "value" + type: "object" + type: "array" image: description: "Image specifies the overriders that apply to the image." items: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml index 900a47722..3bb242ceb 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml @@ -186,6 +186,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -236,6 +237,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -420,6 +422,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml index a4a291ade..8cb77b219 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml @@ -162,6 +162,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -212,6 +213,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" 
@@ -372,6 +374,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml index b5e530e45..21d956a9f 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml @@ -112,6 +112,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -162,6 +163,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -272,6 +274,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml index 75f8e666f..597b3adf5 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml @@ -48,6 +48,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -238,6 +239,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml index d4011c0f9..b587b8ae9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml 
@@ -48,6 +48,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -111,6 +112,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -218,6 +220,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -500,6 +503,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml index 96d1f53d8..8b93f250c 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml @@ -48,6 +48,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -380,6 +381,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml index c68226992..4559efc49 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml @@ -361,6 +361,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml index f37106666..f3be38da5 100644 
--- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml @@ -152,6 +152,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -202,6 +203,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -352,6 +354,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml index a95ff5fa8..4d07d21b8 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml @@ -48,6 +48,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -339,6 +340,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml index aac15c2e9..ce0681321 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml @@ -48,6 +48,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -106,6 +107,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" 
@@ -170,6 +172,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml index 49dc22571..764213d1e 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml @@ -81,6 +81,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -131,6 +132,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" @@ -210,6 +212,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml index 0bb0bb08b..b6f5b28d6 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml @@ -168,6 +168,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml index 029418428..f469134a0 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml @@ -63,6 +63,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" 
@@ -113,6 +114,7 @@ spec: - "MeshGateway" - "MeshService" - "MeshExternalService" + - "MeshMultiZoneService" - "MeshServiceSubset" - "MeshHTTPRoute" type: "string" diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml index 63a245a06..12f847ab3 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml @@ -596,7 +596,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml index c970e862d..d32e7782b 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml @@ -613,7 +613,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: @@ -1320,7 +1319,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: @@ -1916,7 +1914,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: @@ -2540,7 +2537,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: @@ -3753,7 +3749,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml index 06446e2ec..4d3c50755 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml 
@@ -657,7 +657,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml index 36eb52a9a..cefacba39 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml @@ -662,7 +662,6 @@ spec: type: "string" required: - "path" - - "value" type: "object" type: "object" format: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml index 8e2843ce5..8b6a76b8c 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml 
@@ -106,13 +106,13 @@ spec: celPreconditions: description: "CELPreconditions are used to determine if a policy rule should be applied by evaluating a\nset of CEL conditions. It can only be used with the validate.cel subrule" items: - description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." + description: "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. 
May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -190,6 +190,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -871,6 +873,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -1578,6 +1582,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -1818,6 +1824,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -1921,10 +1929,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -1937,7 +1945,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -1967,16 +1975,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2013,7 +2021,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -2025,6 +2033,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
@@ -2034,6 +2043,63 @@ spec: description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" x-kubernetes-preserve-unknown-fields: true type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -2113,6 +2179,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
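Review bot: `failureAction` arrives under `validate` as an optional field with no `default`, while the `validationFailureAction` key with the same enum is removed in hunk `@@ -2549,63 +2617,6 @@` from what looks like the same object (the `verifyImages` hunks at the end of this file make the same swap), so a policy that still uses the old key no longer matches this schema. Depending on how field validation is configured when the manifest is applied, an unknown key may be pruned rather than rejected, and a rule intended as `Enforce` would then run with whatever the controller assumes for an unset value, which the schema does not state. The enums also differ: `failureActionOverrides[].action` accepts `audit`/`enforce` alongside `Audit`/`Enforce` whereas `failureAction` accepts only the capitalised pair, and the override items declare no `required` list, so an entry without `action` is schema-valid. This file looks like a catalog copy of an upstream CRD, so rather than changing the schema I would check consumers of the catalog for the old key and have the description say what it supersedes, e.g. `FailureAction supersedes validationFailureAction; allowed values are Audit or Enforce.`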
@@ -2549,63 +2617,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -3049,6 +3060,12 @@ spec: cosignOCI11: description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." type: "boolean" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -3120,12 +3137,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -3217,10 +3228,10 @@ spec: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." 
type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" 
@@ -3251,13 +3262,13 @@ spec: celPreconditions: description: "CELPreconditions are used to determine if a policy rule should be applied by evaluating a\nset of CEL conditions. It can only be used with the validate.cel subrule" items: - description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." + description: "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. 
May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -3335,6 +3346,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -4016,6 +4029,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4723,6 +4738,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4963,6 +4980,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -5066,10 +5085,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -5082,7 +5101,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -5112,16 +5131,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5158,7 +5177,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -5170,6 +5189,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
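Review bot: The new description of `parameterNotFoundAction` replaces "Default to `Deny`" with "Required", but this hunk adds neither a `required` entry nor a `default` for the field. Since the value decides whether a binding with no matching parameters is treated as a pass (`Allow`) or goes to the `failurePolicy` (`Deny`), the behaviour when the field is omitted is now undocumented in the schema. If the field really is mandatory, the `paramRef` object should list it, e.g. `- "parameterNotFoundAction"` under its `required:` key. Otherwise the description should keep stating the default. The `paramRef` object's own `required` list, if any, lies outside the hunk.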
@@ -5179,6 +5199,63 @@ spec: description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" x-kubernetes-preserve-unknown-fields: true type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -5258,6 +5335,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -5694,63 +5773,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -6194,6 +6216,12 @@ spec: cosignOCI11: description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." type: "boolean" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -6265,12 +6293,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -6284,7 +6306,7 @@ spec: type: "object" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -6313,7 +6335,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml index b455ef7fb..0bb863bf3 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml 
+++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml 
@@ -106,13 +106,13 @@ spec: celPreconditions: description: "CELPreconditions are used to determine if a policy rule should be applied by evaluating a\nset of CEL conditions. It can only be used with the validate.cel subrule" items: - description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." + description: "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. 
May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -190,6 +190,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -871,6 +873,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -1578,6 +1582,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -1818,6 +1824,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -1921,10 +1929,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -1937,7 +1945,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -1967,16 +1975,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2013,7 +2021,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -2025,6 +2033,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
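Review bot: The `parameterNotFoundAction` description in `@@ -1967,16 +1975,16 @@` now ends in "Required" where it used to say "Default to `Deny`", but the hunk adds no matching `required:` entry, and the rest of the ParamRef object lies outside the hunk. If the schema does not list the field as required, a binding that omits it still passes schema validation while the documented fallback is gone. The choice is security-relevant: per the description, `Allow` treats a binding with no matched parameters as a successful validation. It is worth confirming that the paramRef object carries `required:` with `- "parameterNotFoundAction"`, or, if it does not, stating in the description what happens when the field is unset.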
@@ -2034,6 +2043,63 @@ spec: description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" x-kubernetes-preserve-unknown-fields: true type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -2113,6 +2179,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
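Review bot: In the added `failureActionOverrides` items (`@@ -2034,6 +2043,63 @@`), the `action` description still reads "ValidationFailureAction defines the policy validation failure action" although the field was renamed. Its enum also accepts `audit`/`enforce` as well as `Audit`/`Enforce`, while `failureAction` directly above accepts only the capitalised forms, so the same lowercase value validates in an override and is rejected at rule level. I would change the text to `description: "FailureAction defines the policy validation failure action"` and align the two enums, or say in the description why the override is more lenient. Since an override can replace Enforce with Audit, and the selector text here says an empty label selector matches all objects, manifests checked against this schema deserve a separate look at overrides whose `namespaceSelector` is empty.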
@@ -2549,63 +2617,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -3049,6 +3060,12 @@ spec: cosignOCI11: description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." type: "boolean" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -3120,12 +3137,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -3217,10 +3228,10 @@ spec: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." 
type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" 
@@ -3251,13 +3262,13 @@ spec: celPreconditions: description: "CELPreconditions are used to determine if a policy rule should be applied by evaluating a\nset of CEL conditions. It can only be used with the validate.cel subrule" items: - description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." + description: "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. 
May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -3335,6 +3346,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -4016,6 +4029,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4723,6 +4738,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4963,6 +4980,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -5066,10 +5085,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -5082,7 +5101,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -5112,16 +5131,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5158,7 +5177,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -5170,6 +5189,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
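Review bot: The new `parameterNotFoundAction` description ends with `Required` where the old text said ``Default to `Deny` ``, but this hunk adds no `required` entry for the field, so the description and the schema constraint may disagree. The field decides whether a binding that matches no params counts as a successful validation (`Allow`) or falls under the policy's `failurePolicy` (`Deny`), so a reader needs to know what happens when it is left unset. The enclosing `paramRef` object continues past this hunk, so its `required` list is not visible here. If that list does not include `- "parameterNotFoundAction"`, either add it or keep the sentence ``Default to `Deny` `` in the description, provided that is still the behaviour.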
@@ -5179,6 +5199,63 @@ spec: description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" x-kubernetes-preserve-unknown-fields: true type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -5258,6 +5335,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
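Review bot: The added `failureAction` accepts only `Audit` and `Enforce`, while `failureActionOverrides[].action` in the same hunk also accepts lowercase `audit` and `enforce`. The two enums should agree, or the `action` description should say the lowercase forms are kept for compatibility. The later hunk `@@ -5694,63 +5773,6 @@` removes `validationFailureAction` and `validationFailureActionOverrides` from what appears to be the same object, so a policy that still sets the old key no longer matches this schema. Whether such a key is rejected or pruned is not visible here; if it is pruned, a rule written as `Enforce` would presumably fall back to its default action, so stored and templated policies should be checked for the old key before adopting this version. The `failureAction` description could end with `Replaces the former validationFailureAction field.`; the same rename appears in the verifyImages hunks at `-6194` and `-6265`.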
@@ -5694,63 +5773,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -6194,6 +6216,12 @@ spec: cosignOCI11: description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." type: "boolean" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -6265,12 +6293,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -6284,7 +6306,7 @@ spec: type: "object" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -6313,7 +6335,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml index fda034ae1..d7a84578e 100644 
--- a/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml 
@@ -107,7 +107,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true requestKind: - description: "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).\nIf this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed.\n\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for),\nand `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request).\n\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type for more details." + description: "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).\nIf this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for),\nand `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type for more details." properties: group: type: "string" 
@@ -121,7 +121,7 @@ spec: - "version" type: "object" requestResource: - description: "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).\nIf this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed.\n\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for),\nand `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request).\n\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type." + description: "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).\nIf this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for),\nand `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type." properties: group: type: "string" 
diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml index 9ab39378e..be172dd16 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml @@ -181,6 +181,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -831,7 +833,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
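Review bot: The added `required: - "name"` in the `@@ -181,6 +181,8 @@` hunk only makes the key mandatory; the `name` property shown there ("Name of the global context entry") still carries nothing but `description` and `type: "string"`, so `name: ""` passes schema validation. Such an object would presumably be rejected only later, when the policy engine tries to resolve the entry, which is a worse place to find a typo in a policy. If every reference is meant to name a real entry, add `minLength: 1` under `name`; if this catalog file is a generated copy of the upstream CRD, the change belongs in the upstream type definition. The same addition appears in the hunks for `v2/clustercleanuppolicies.yaml`, `v2beta1/cleanuppolicies.yaml`, `v2beta1/clustercleanuppolicies.yaml` and `v2beta1/clusterpolicies.yaml`, and the remark applies to each of them.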
@@ -860,7 +862,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml index 0e51f3a98..6d7ff45c7 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml @@ -181,6 +181,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -831,7 +833,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -860,7 +862,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml index fefee649b..34cf4138a 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml 
+++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml 
@@ -103,7 +103,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true requestKind: - description: "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).\nIf this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed.\n\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for),\nand `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request).\n\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type for more details." + description: "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).\nIf this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for),\nand `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type for more details." properties: group: type: "string" 
@@ -117,7 +117,7 @@ spec: - "version" type: "object" requestResource: - description: "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).\nIf this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed.\n\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for),\nand `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request).\n\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type." + description: "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).\nIf this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of\n`apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`,\nan API request to apps/v1beta1 deployments would be converted and sent to the webhook\nwith `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for),\nand `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type." properties: group: type: "string" 
diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml index a22fa3d0c..cfeb00c51 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml @@ -123,7 +123,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
@@ -152,7 +152,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml index 8f2268ef1..ef76c0c09 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml @@ -182,6 +182,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -832,7 +834,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -861,7 +863,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml index 18dd7968c..3e2c48f59 100644 
--- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml @@ -182,6 +182,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -832,7 +834,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." 
@@ -861,7 +863,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml index 32efe7766..28cc5ad01 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml 
@@ -109,10 +109,10 @@ spec: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." 
type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -190,6 +190,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -734,6 +736,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -1304,6 +1308,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -1544,6 +1550,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -1714,10 +1722,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -1730,7 +1738,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -1760,16 +1768,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1806,7 +1814,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -1818,6 +1826,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
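Review bot: The new `parameterNotFoundAction` description in the paramRef hunk now ends with "Required" and drops "Default to `Deny`", yet the property is still declared only as `type: "string"`, with no `enum` and no `default` on the visible lines. Whether the field appears under the paramRef object's `required` key cannot be seen here, because that object continues outside the hunk. Since `Allow` treats "no parameters matched" as a successful validation, consumers of this schema (generated types, manifest linters) should not assume that an omitted value behaves as `Deny`; I would record that in the commit description, e.g. `paramRef.parameterNotFoundAction: documented default Deny removed, set it explicitly`. The same description change repeats in the hunk at `@@ -4944,16 +4963,16 @@`.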
@@ -1894,6 +1903,63 @@ spec: type: "array" type: "object" type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
+ items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -1973,6 +2039,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
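Review bot: The added `failureAction` and `failureActionOverrides` properties look like a rename of `validationFailureAction` and `validationFailureActionOverrides`, which the hunk at `@@ -2409,63 +2477,6 @@` removes, so a manifest that still uses the old keys no longer matches a declared property. If this CRD prunes unknown fields (not visible in the diff), the old key would be dropped without an error and the rule would lose its explicit `Enforce` setting, so existing policies should be checked before the schema is rolled out. Within the new block, `failureActionOverrides[].action` accepts `audit`/`enforce` as well as `Audit`/`Enforce` while `failureAction` accepts only the capitalised pair, and the `action` description still reads "ValidationFailureAction defines the policy validation failure action". I would call the rename out in the commit description, e.g. `validationFailureAction -> failureAction (validate rules and verifyImages): re-check Enforce policies after updating`. The same addition repeats at `@@ -5011,6 +5031,63 @@`, and the verifyImages variant at `@@ -2896,6 +2907,12 @@`.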
@@ -2409,63 +2477,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -2896,6 +2907,12 @@ spec: type: "array" type: "object" type: "array" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" imageReferences: description: "ImageReferences is a list of matching image reference patterns. At least one pattern in the\nlist must match the image for the rule to apply. Each image reference consists of a registry\naddress (defaults to docker.io), repository, image, and tag (defaults to latest).\nWildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images." items: @@ -2952,12 +2969,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule" type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -3049,10 +3060,10 @@ spec: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." 
type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" 
@@ -3083,13 +3094,13 @@ spec: celPreconditions: description: "CELPreconditions are used to determine if a policy rule should be applied by evaluating a\nset of CEL conditions. It can only be used with the validate.cel subrule" items: - description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." + description: "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. 
May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -3167,6 +3178,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -3848,6 +3861,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4555,6 +4570,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4795,6 +4812,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -4898,10 +4917,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -4914,7 +4933,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -4944,16 +4963,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4990,7 +5009,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -5002,6 +5021,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
@@ -5011,6 +5031,63 @@ spec: description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" x-kubernetes-preserve-unknown-fields: true type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -5090,6 +5167,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -5526,63 +5605,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -6026,6 +6048,12 @@ spec: cosignOCI11: description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." type: "boolean" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -6097,12 +6125,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -6116,7 +6138,7 @@ spec: type: "object" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -6145,7 +6167,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml index 627ff40ec..552705c71 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml 
+++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml 
@@ -109,10 +109,10 @@ spec: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." 
type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -190,6 +190,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -734,6 +736,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -1304,6 +1308,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -1544,6 +1550,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -1714,10 +1722,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -1730,7 +1738,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -1760,16 +1768,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1806,7 +1814,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -1818,6 +1826,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
@@ -1894,6 +1903,63 @@ spec: type: "array" type: "object" type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
+ items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -1973,6 +2039,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -2409,63 +2477,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -2896,6 +2907,12 @@ spec: type: "array" type: "object" type: "array" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" imageReferences: description: "ImageReferences is a list of matching image reference patterns. At least one pattern in the\nlist must match the image for the rule to apply. Each image reference consists of a registry\naddress (defaults to docker.io), repository, image, and tag (defaults to latest).\nWildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images." items: @@ -2952,12 +2969,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule" type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -3049,10 +3060,10 @@ spec: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." 
type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" 
@@ -3083,13 +3094,13 @@ spec: celPreconditions: description: "CELPreconditions are used to determine if a policy rule should be applied by evaluating a\nset of CEL conditions. It can only be used with the validate.cel subrule" items: - description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." + description: "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\n\nRequired." + description: "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.\nCEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests.\n'oldObject' - The existing object. The value is null for CREATE requests.\n'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).\n'authorizer' - A CEL Authorizer. 
May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired." type: "string" name: - description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\n\nRequired." + description: "Name is an identifier for this match condition, used for strategic merging of MatchConditions,\nas well as providing an identifier for logging purposes. A good name should be descriptive of\nthe associated expression.\nName must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and\nmust start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or\n'123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an\noptional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired." type: "string" required: - "expression" @@ -3167,6 +3178,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -3848,6 +3861,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4555,6 +4570,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." @@ -4795,6 +4812,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -4898,10 +4917,10 @@ spec: description: "AuditAnnotation describes how to produce an audit annotation for an API request." properties: key: - description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\n\nRequired." + description: "key specifies the audit annotation key. The audit annotation keys of\na ValidatingAdmissionPolicy must be unique. The key must be a qualified\nname ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the\nValidatingAdmissionPolicy to construct an audit annotation key:\n\"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy\nand the same audit annotation key, the annotation key will be identical.\nIn this case, the first annotation written with the key will be included\nin the audit event and all subsequent annotations with the same key\nwill be discarded.\n\nRequired." type: "string" valueExpression: - description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. 
If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\n\nRequired." + description: "valueExpression represents the expression which is evaluated by CEL to\nproduce an audit annotation value. The expression must evaluate to either\na string or null value. If the expression evaluates to a string, the\naudit annotation is included with the string value. If the expression\nevaluates to null or empty string the audit annotation will be omitted.\nThe valueExpression may be no longer than 5kb in length.\nIf the result of the valueExpression is more than 10kb in length, it\nwill be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an\nAPI request, then the valueExpression will be evaluated for\neach binding. All unique values produced by the valueExpressions\nwill be joined together in a comma-separated list.\n\nRequired." type: "string" required: - "key" 
@@ -4914,7 +4933,7 @@ spec: description: "Validation specifies the CEL expression which is used to apply the validation." properties: expression: - description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' 
escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." + description: "Expression represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nCEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests.\n- 'oldObject' - The existing object. 
The value is null for CREATE requests.\n- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).\n- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.\n- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.\n- 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the\nobject. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. 
The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].\nConcatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired." type: "string" message: description: "Message represents the message displayed when validation fails. The message is required if the Expression contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"\nIf the Expression contains line breaks. Message is required.\nThe message must not contain line breaks.\nIf unset, the message is \"failed Expression: {Expression}\"." 
@@ -4944,16 +4963,16 @@ spec: description: "ParamRef references a parameter resource." properties: name: - description: "`name` is the name of the resource being referenced.\n\n\n`name` and `selector` are mutually exclusive properties. If one is set,\nthe other must be unset." + description: "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured\nby setting the `name` field, leaving `selector` blank, and setting namespace\nif `paramKind` is namespace-scoped." type: "string" namespace: - description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." + description: "namespace is the namespace of the referenced resource. Allows limiting\nthe search for params to a specific namespace. Applies to both `name` and\n`selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped\n`paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this\nfield results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being\nevaluated for admission will be used when this field is left unset. 
Take\ncare that if this is left empty the binding must not match any cluster-scoped\nresources, which will result in an error." type: "string" parameterNotFoundAction: - description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\n\nAllowed values are `Allow` or `Deny`\nDefault to `Deny`" + description: "`parameterNotFoundAction` controls the behavior of the binding when the resource\nexists, and name or selector is valid, but there are no parameters\nmatched by the binding. If the value is set to `Allow`, then no\nmatched parameters will be treated as successful validation by the binding.\nIf set to `Deny`, then no matched parameters will be subject to the\n`failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired" type: "string" selector: - description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." + description: "selector can be used to match multiple param objects based on their labels.\nSupply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions\nand the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are\nmutually exclusive properties. If one is set, the other must be unset." 
properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4990,7 +5009,7 @@ spec: variables: description: "Variables contain definitions of variables that can be used in composition of other expressions.\nEach variable is defined as a named CEL expression.\nThe variables defined here will be available under `variables` in other expressions of the policy." items: - description: "Variable is the definition of a variable that is used for composition." + description: "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression." properties: expression: description: "Expression is the expression that will be evaluated as the value of the variable.\nThe CEL expression has access to the same identifiers as the CEL expressions in Validation." @@ -5002,6 +5021,7 @@ spec: - "expression" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" deny: 
@@ -5011,6 +5031,63 @@ spec: description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" x-kubernetes-preserve-unknown-fields: true type: "object" + failureAction: + description: "FailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" + failureActionOverrides: + description: "FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction\nnamespace-wise. It overrides FailureAction for the specified namespaces." + items: + properties: + action: + description: "ValidationFailureAction defines the policy validation failure action" + enum: + - "audit" + - "enforce" + - "Audit" + - "Enforce" + type: "string" + namespaceSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + items: + type: "string" + type: "array" + type: "object" + type: "array" foreach: description: "ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic." items: @@ -5090,6 +5167,8 @@ spec: name: description: "Name of the global context entry" type: "string" + required: + - "name" type: "object" imageRegistry: description: "ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image\ndetails." 
@@ -5526,63 +5605,6 @@ spec: - "latest" type: "string" type: "object" - validationFailureAction: - description: "ValidationFailureAction defines if a validation policy rule violation should block\nthe admission review request (Enforce), or allow (Audit) the admission review request\nand report an error in a policy report. Optional.\nAllowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" - validationFailureActionOverrides: - description: "ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction\nnamespace-wise. It overrides ValidationFailureAction for the specified namespaces." - items: - properties: - action: - description: "ValidationFailureAction defines the policy validation failure action" - enum: - - "audit" - - "enforce" - - "Audit" - - "Enforce" - type: "string" - namespaceSelector: - description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." 
- items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - required: - - "key" - - "operator" - type: "object" - type: "array" - x-kubernetes-list-type: "atomic" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - items: - type: "string" - type: "array" - type: "object" - type: "array" type: "object" verifyImages: description: "VerifyImages is used to verify image signatures and mutate them to add a digest" @@ -6026,6 +6048,12 @@ spec: cosignOCI11: description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." type: "boolean" + failureAction: + description: "Allowed values are Audit or Enforce." + enum: + - "Audit" + - "Enforce" + type: "string" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -6097,12 +6125,6 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" - validationFailureAction: - description: "Allowed values are Audit or Enforce." - enum: - - "Audit" - - "Enforce" - type: "string" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." 
@@ -6116,7 +6138,7 @@ spec: type: "object" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -6145,7 +6167,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/clusterephemeralreports.yaml b/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/clusterephemeralreports.yaml index 22f134981..1fca1402b 100644 
--- a/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/clusterephemeralreports.yaml
+++ b/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/clusterephemeralreports.yaml
@@ -153,13 +153,13 @@ spec: resources: description: "Subjects is an optional reference to the checked Kubernetes resources" items: - description: "ObjectReference contains enough information to let you inspect or modify the referred object.\n---\nNew uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.\n 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.\n 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular\n restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\".\n Those cannot be well described when embedded.\n 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.\n 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity\n during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple\n and the version of the actual struct is irrelevant.\n 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type\n will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.\n\n\nInstead of using this type, create a locally provided and used type that is well-focused on your reference.\nFor example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + description: "ObjectReference contains enough information to let you inspect or modify the referred object." properties: apiVersion: description: "API version of the referent." 
type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" diff --git a/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/ephemeralreports.yaml b/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/ephemeralreports.yaml index 85c448f7b..48cb1c5bd 100644 --- a/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/ephemeralreports.yaml +++ b/crd-catalog/kyverno/kyverno/reports.kyverno.io/v1/ephemeralreports.yaml 
@@ -154,13 +154,13 @@ spec: resources: description: "Subjects is an optional reference to the checked Kubernetes resources" items: - description: "ObjectReference contains enough information to let you inspect or modify the referred object.\n---\nNew uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.\n 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.\n 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular\n restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\".\n Those cannot be well described when embedded.\n 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.\n 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity\n during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple\n and the version of the actual struct is irrelevant.\n 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type\n will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.\n\n\nInstead of using this type, create a locally provided and used type that is well-focused on your reference.\nFor example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + description: "ObjectReference contains enough information to let you inspect or modify the referred object." properties: apiVersion: description: "API version of the referent." 
type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object." type: "string" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml index 125666c4a..7542e6414 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/backups.yaml 
@@ -616,6 +616,7 @@ spec:
 type: "string"
 type: "array"
 failedJobsHistoryLimit:
+ description: "FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed."
 format: "int32"
 minimum: 0.0
 type: "integer"
@@ -2217,10 +2218,12 @@ spec:
 type: "object"
 type: "object"
 successfulJobsHistoryLimit:
+ description: "SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed."
 format: "int32"
 minimum: 0.0
 type: "integer"
 timeZone:
+ description: "TimeZone defines the timezone associated with the cron expression."
 type: "string"
 tolerations:
 description: "Tolerations to be used in the Pod."
diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml
index 27b718518..95d370114 100644
--- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml
+++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/mariadbs.yaml
@@ -4493,7 +4493,7 @@ spec:
 anyOf:
 - type: "integer"
 - type: "string"
- description: "MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (3) or a percentage (50%).\nIf Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated.\nIt defaults to '50%' of the replicas specified by the MariaDB object."
+ description: "MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%).\nIf Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated.\nIt defaults to '1' replica."
 x-kubernetes-int-or-string: true
 podRecoveryTimeout:
 description: "PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery."
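Review bot: The MinClusterSize description in the mariadbs.yaml hunk changes the documented default from '50%' of the replicas to '1' replica, which lowers the threshold at which Galera recovery starts for anyone who leaves the field unset. No `default:` key is visible in the hunk, so whether the schema or the operator code applies the new value cannot be told from here. Clusters that relied on the old behaviour should set the value explicitly, and the description would be clearer with the consequence spelled out, e.g. `With the default of '1', recovery is only initiated once no healthy replica is reported.`, which follows from the description's own "less replicas than this value" wording. The enclosing property starts outside the hunk.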
diff --git a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml
index 73b6f4634..8c00f0d3f 100644
--- a/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml
+++ b/crd-catalog/mariadb-operator/mariadb-operator/k8s.mariadb.com/v1alpha1/sqljobs.yaml
@@ -627,6 +627,7 @@ spec:
 x-kubernetes-map-type: "atomic"
 type: "array"
 failedJobsHistoryLimit:
+ description: "FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed."
 format: "int32"
 minimum: 0.0
 type: "integer"
@@ -1016,10 +1017,12 @@ spec:
 type: "object"
 x-kubernetes-map-type: "atomic"
 successfulJobsHistoryLimit:
+ description: "SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed."
 format: "int32"
 minimum: 0.0
 type: "integer"
 timeZone:
+ description: "TimeZone defines the timezone associated with the cron expression."
 type: "string"
 tolerations:
 description: "Tolerations to be used in the Pod."
diff --git a/crd-catalog/minio/operator/minio.min.io/v2/tenants.yaml b/crd-catalog/minio/operator/minio.min.io/v2/tenants.yaml
index 11f092e1e..6ea65e0b4 100644
--- a/crd-catalog/minio/operator/minio.min.io/v2/tenants.yaml
+++ b/crd-catalog/minio/operator/minio.min.io/v2/tenants.yaml
@@ -3,7 +3,7 @@ kind: "CustomResourceDefinition"
 metadata:
 annotations:
 controller-gen.kubebuilder.io/version: "v0.15.0"
- operator.min.io/version: "v6.0.2"
+ operator.min.io/version: "v6.0.3"
 name: "tenants.minio.min.io"
 spec:
 group: "minio.min.io"
diff --git a/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml b/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml
index 7161267e6..16e7dea52 100644
--- a/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml
+++ b/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml
@@ -3,7 +3,7 @@ kind: "CustomResourceDefinition"
 metadata:
 annotations:
 controller-gen.kubebuilder.io/version: "v0.15.0"
- operator.min.io/version: "v6.0.2"
+ operator.min.io/version: "v5.0.15"
 name: "policybindings.sts.min.io"
 spec:
 group: "sts.min.io"
diff --git a/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml b/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml
index 5c0073d2a..14461d58f 100644
--- a/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml
+++ b/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml
@@ -3,7 +3,7 @@ kind: "CustomResourceDefinition"
 metadata:
 annotations:
 controller-gen.kubebuilder.io/version: "v0.15.0"
- operator.min.io/version: "v6.0.2"
+ operator.min.io/version: "v5.0.15"
 name: "policybindings.sts.min.io"
 spec:
 group: "sts.min.io"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/appprotectdos.f5.com/v1beta1/dosprotectedresources.yaml b/crd-catalog/nginxinc/kubernetes-ingress/appprotectdos.f5.com/v1beta1/dosprotectedresources.yaml
index da2ee2ab9..ebc29e6ac 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/appprotectdos.f5.com/v1beta1/dosprotectedresources.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/appprotectdos.f5.com/v1beta1/dosprotectedresources.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "dosprotectedresources.appprotectdos.f5.com"
 spec:
 group: "appprotectdos.f5.com"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/externaldns.nginx.org/v1/dnsendpoints.yaml b/crd-catalog/nginxinc/kubernetes-ingress/externaldns.nginx.org/v1/dnsendpoints.yaml
index 04f3024b2..2aef6cd83 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/externaldns.nginx.org/v1/dnsendpoints.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/externaldns.nginx.org/v1/dnsendpoints.yaml
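Review bot: Both sts.min.io policybindings hunks (v1alpha1 and v1beta1) move `operator.min.io/version` backwards, from "v6.0.2" to "v5.0.15", while tenants.yaml in the same commit moves forward to "v6.0.3". That suggests these two files were fetched from an older ref than the rest of the operator's CRDs, which for a catalog is a provenance question worth resolving before merge. If they are meant to track the same release as the tenant CRD, the line should read `operator.min.io/version: "v6.0.3"`; otherwise the catalog's source definition for these files should record why an older tag is used.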
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "dnsendpoints.externaldns.nginx.org"
 spec:
 group: "externaldns.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml
index 7b36c4a78..4a1533e8b 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "globalconfigurations.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml
index 9aa99f15c..32796f71c 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "policies.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/transportservers.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/transportservers.yaml
index 1dedc51ea..0caa3bc23 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/transportservers.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/transportservers.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "transportservers.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualserverroutes.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualserverroutes.yaml
index 192fdd46c..be041469d 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualserverroutes.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualserverroutes.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "virtualserverroutes.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualservers.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualservers.yaml
index 170128c42..a0d3404bc 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualservers.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/virtualservers.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "virtualservers.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/globalconfigurations.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/globalconfigurations.yaml
index c3aa43b19..94081c3aa 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/globalconfigurations.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/globalconfigurations.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "globalconfigurations.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/policies.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/policies.yaml
index 0801270c4..e5138744b 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/policies.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/policies.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "policies.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/transportservers.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/transportservers.yaml
index 8170ab886..40b2cd948 100644
--- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/transportservers.yaml
+++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1alpha1/transportservers.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "transportservers.k8s.nginx.org"
 spec:
 group: "k8s.nginx.org"
diff --git a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/clientsettingspolicies.yaml b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/clientsettingspolicies.yaml
index a7bdd0efb..a3c539a06 100644
--- a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/clientsettingspolicies.yaml
+++ b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/clientsettingspolicies.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 labels:
 gateway.networking.k8s.io/policy: "inherited"
 name: "clientsettingspolicies.gateway.nginx.org"
diff --git a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxgateways.yaml b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxgateways.yaml
index 783905d48..3a81df476 100644
--- a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxgateways.yaml
+++ b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxgateways.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "nginxgateways.gateway.nginx.org"
 spec:
 group: "gateway.nginx.org"
diff --git a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxproxies.yaml b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxproxies.yaml
index 0e0bdcd86..031a3da7c 100644
--- a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxproxies.yaml
+++ b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/nginxproxies.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 name: "nginxproxies.gateway.nginx.org"
 spec:
 group: "gateway.nginx.org"
diff --git a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml
index 6f18df973..813e28c22 100644
--- a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml
+++ b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1"
 kind: "CustomResourceDefinition"
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: "v0.16.1"
+ controller-gen.kubebuilder.io/version: "v0.16.2"
 labels:
 gateway.networking.k8s.io/policy: "direct"
 name: "observabilitypolicies.gateway.nginx.org"
diff --git a/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml b/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml
index 81666348f..71449a54c 100644
--- a/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml
+++ b/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml
@@ -66,13 +66,18 @@ spec: labels: additionalProperties: type: "string" - description: "Map of label string keys and values that will be applied to the created MachineSet's MachineSpec. This list will overwrite any modifications made to Node labels on an ongoing basis." + description: "Map of label string keys and values that will be applied to the created MachineSet's MachineSpec. This affects the labels that will end up on the *Nodes* (in contrast with the MachineLabels field). This list will overwrite any modifications made to Node labels on an ongoing basis." + type: "object" + machineLabels: + additionalProperties: + type: "string" + description: "Map of label string keys and values that will be applied to the created MachineSet's MachineTemplateSpec. This affects the labels that will end up on the *Machines* (in contrast with the Labels field). This list will overwrite any modifications made to Machine labels on an ongoing basis. Note: We ignore entries that conflict with generated labels." type: "object" name: description: "Name is the name of the machine pool." type: "string" platform: - description: "Platform is configuration for machine pool specific to the platform." + description: "Platform is configuration for machine pool specific to the platform. When using a MachinePool to control the default worker machines created by installer, these must match the values provided in the install-config." properties: aws: description: "AWS is the configuration used when installing on AWS." 
@@ -140,6 +145,12 @@ spec: azure: description: "Azure is the configuration used when installing on Azure." properties: + computeSubnet: + description: "ComputeSubnet specifies an existing subnet for use by compute nodes. If omitted, the default (${infraID}-worker-subnet) will be used." + type: "string" + networkResourceGroupName: + description: "NetworkResourceGroupName specifies the network resource group that contains an existing VNet. Ignored unless VirtualNetwork is also specified." + type: "string" osDisk: description: "OSDisk defines the storage for instance." properties: @@ -198,6 +209,9 @@ spec: type: description: "InstanceType defines the azure instance type. eg. Standard_DS_V2" type: "string" + virtualNetwork: + description: "VirtualNetwork specifies the name of an existing VNet for the Machines to use If omitted, the default (${infraID}-vnet) will be used." + type: "string" zones: description: "Zones is list of availability zones that can be used. eg. [\"1\", \"2\", \"3\"]" items: @@ -515,7 +529,12 @@ spec: type: "object" type: "array" ownedLabels: - description: "OwnedLabels lists the keys of labels this MachinePool created on the remote MachineSet. Used to identify labels to remove from the remote MachineSet when they are absent from the MachinePool's spec.labels." + description: "OwnedLabels lists the keys of labels this MachinePool created on the remote MachineSet's MachineSpec. (In contrast with OwnedMachineLabels.) Used to identify labels to remove from the remote MachineSet when they are absent from the MachinePool's spec.labels." + items: + type: "string" + type: "array" + ownedMachineLabels: + description: "OwnedMachineLabels lists the keys of labels this MachinePool created on the remote MachineSet's MachineTemplateSpec. (In contrast with OwnedLabels.) Used to identify labels to remove from the remote MachineSet when they are absent from the MachinePool's spec.machineLabels." items: type: "string" type: "array" 
diff --git a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml index bb8b8ee33..462066111 100644 --- a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml +++ b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml @@ -30,7 +30,7 @@ spec: description: "BackupStorageSpec defines the desired state of BackupStorage." properties: allowedNamespaces: - description: "AllowedNamespaces is the list of namespaces where the operator will copy secrets provided in the CredentialsSecretsName." + description: "AllowedNamespaces is the list of namespaces where the operator will copy secrets provided in the CredentialsSecretsName.\n\n\nDeprecated: BackupStorages are now used only in the namespaces where they are created." items: type: "string" type: "array" @@ -74,6 +74,7 @@ spec: usedNamespaces: additionalProperties: type: "boolean" + description: "Deprecated: BackupStorages are now used only in the namespaces where they are created." type: "object" required: - "usedNamespaces" diff --git a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterbackups.yaml b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterbackups.yaml index c8e50ef7b..3cf663bdd 100644 --- a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterbackups.yaml +++ b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterbackups.yaml 
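Review bot: In backupstorages.yaml the status field `usedNamespaces` gains a "Deprecated" description (hunk at -74) but stays in the `required` list two lines below, so the schema still demands a field the description says is no longer meaningful. The hunk at -30 deprecates `allowedNamespaces`, whose description says the operator copied the credentials secrets into those namespaces, and nothing visible states whether copies made by earlier versions are cleaned up. I would state that in the description, e.g. `Secrets previously copied to other namespaces are not removed automatically.` if that is the actual behaviour (to be confirmed upstream), so operators know to audit for leftover credential copies after upgrading. The status object that holds `required` continues outside the hunk.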
@@ -54,7 +54,7 @@ spec: description: "DatabaseClusterBackupSpec defines the desired state of DatabaseClusterBackup." properties: backupStorageName: - description: "BackupStorageName is the name of the BackupStorage used for backups." + description: "BackupStorageName is the name of the BackupStorage used for backups.\nThe BackupStorage must be created in the same namespace as the DatabaseCluster." type: "string" dbClusterName: description: "DBClusterName is the original database cluster name." diff --git a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterrestores.yaml b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterrestores.yaml index 66b525ce9..59454db25 100644 --- a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterrestores.yaml +++ b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusterrestores.yaml @@ -67,7 +67,7 @@ spec: description: "BackupSource is the backup source to restore from" properties: backupStorageName: - description: "BackupStorageName is the name of the BackupStorage used for backups." + description: "BackupStorageName is the name of the BackupStorage used for backups.\nThe BackupStorage must be created in the same namespace as the DatabaseCluster." type: "string" path: description: "Path is the path to the backup file/directory." diff --git a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusters.yaml b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusters.yaml index a7b2785bc..b321e5726 100644 --- a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusters.yaml +++ b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseclusters.yaml 
@@ -62,7 +62,7 @@ spec: description: "PITR is the configuration of the point in time recovery" properties: backupStorageName: - description: "BackupStorageName is the name of the BackupStorage where the PITR is enabled" + description: "BackupStorageName is the name of the BackupStorage where the PITR is enabled\nThe BackupStorage must be created in the same namespace as the DatabaseCluster." type: "string" enabled: description: "Enabled is a flag to enable PITR" @@ -79,7 +79,7 @@ spec: description: "BackupSchedule is the backup schedule configuration." properties: backupStorageName: - description: "BackupStorageName is the name of the BackupStorage CR that defines the\nstorage location" + description: "BackupStorageName is the name of the BackupStorage CR that defines the\nstorage location.\nThe BackupStorage must be created in the same namespace as the DatabaseCluster." type: "string" enabled: description: "Enabled is a flag to enable the schedule" @@ -111,7 +111,7 @@ spec: description: "BackupSource is the backup source to restore from" properties: backupStorageName: - description: "BackupStorageName is the name of the BackupStorage used for backups." + description: "BackupStorageName is the name of the BackupStorage used for backups.\nThe BackupStorage must be created in the same namespace as the DatabaseCluster." type: "string" path: description: "Path is the path to the backup file/directory." @@ -207,7 +207,7 @@ spec: description: "Monitoring is the monitoring configuration" properties: monitoringConfigName: - description: "MonitoringConfigName is the name of a monitoringConfig CR." + description: "MonitoringConfigName is the name of a monitoringConfig CR.\nThe MonitoringConfig must be created in the same namespace as the DatabaseCluster." type: "string" resources: description: "Resources defines resource limitations for the monitoring." 
@@ -305,6 +305,33 @@ spec: - "pgbouncer" type: "string" type: "object" + sharding: + description: "Sharding is the sharding configuration. PSMDB-only" + properties: + configServer: + description: "ConfigServer represents the sharding configuration server settings" + properties: + replicas: + description: "Replicas is the amount of configServers" + format: "int32" + minimum: 1.0 + type: "integer" + required: + - "replicas" + type: "object" + enabled: + description: "Enabled defines if the sharding is enabled" + type: "boolean" + shards: + description: "Shards defines the number of shards" + format: "int32" + minimum: 1.0 + type: "integer" + required: + - "configServer" + - "enabled" + - "shards" + type: "object" required: - "engine" type: "object" @@ -317,6 +344,9 @@ spec: crVersion: description: "CRVersion is the observed version of the CR used with the underlying operator." type: "string" + details: + description: "Details provides full status of the upstream cluster as a plain text." + type: "string" hostname: description: "Hostname is the hostname where the cluster can be reached" type: "string" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml index d7252e87e..2c01e97b5 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "perconapgbackups.pgv2.percona.com" spec: group: "pgv2.percona.com" 
diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml index c22a9161d..e2a46cd7a 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "perconapgclusters.pgv2.percona.com" spec: group: "pgv2.percona.com" @@ -7890,7 +7890,7 @@ spec: patroni: properties: dynamicConfiguration: - description: "Patroni dynamic configuration settings. Changes to this value will be\nautomatically reloaded without validation. Changes to certain PostgreSQL\nparameters cause PostgreSQL to restart.\nMore info: https://patroni.readthedocs.io/en/latest/SETTINGS.html" + description: "Patroni dynamic configuration settings. Changes to this value will be\nautomatically reloaded without validation. Changes to certain PostgreSQL\nparameters cause PostgreSQL to restart.\nMore info: https://patroni.readthedocs.io/en/latest/dynamic_configuration.html" type: "object" x-kubernetes-preserve-unknown-fields: true leaderLeaseDurationSeconds: @@ -10259,6 +10259,7 @@ spec: type: "string" options: description: "ALTER ROLE options except for PASSWORD. This field is ignored for the\n\"postgres\" user.\nMore info: https://www.postgresql.org/docs/current/role-attributes.html" + maxLength: 200 pattern: "^[^;]*$" type: "string" password: diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml index ae2e9b8a3..7fa22f544 100644 
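Review bot: In the `perconapgclusters.yaml` hunk at -10259, the added `maxLength: 200` bounds the size of `options`, but the only content check next to it is still `pattern: "^[^;]*$"`. The description's "except for PASSWORD" is therefore not enforced by the schema, and any role attribute without a semicolon passes validation. Whether the operator filters the value further is not visible here. I would extend the description with a sentence such as `Role attributes such as SUPERUSER are accepted, so write access to this resource should be limited to database administrators.` The enclosing user item schema starts and ends outside the hunk.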
--- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "perconapgrestores.pgv2.percona.com" spec: group: "pgv2.percona.com" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml index 5044ed7a2..c395a2676 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "perconapgupgrades.pgv2.percona.com" spec: group: "pgv2.percona.com" 
@@ -1549,8 +1549,14 @@ spec: description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + toPgBackRestImage: + description: "The image to use for PgBackRest containers after upgrade." + type: "string" + toPgBouncerImage: + description: "The image to use for PgBouncer containers after upgrade." + type: "string" toPostgresImage: - description: "The image name to use for PostgreSQL containers after upgrade.\nWhen omitted, the value comes from an operator environment variable." + description: "The image to use for PostgreSQL containers after upgrade." type: "string" toPostgresVersion: description: "The major version of PostgreSQL to be upgraded to." @@ -1615,6 +1621,9 @@ spec: - "fromPostgresVersion" - "image" - "postgresClusterName" + - "toPgBackRestImage" + - "toPgBouncerImage" + - "toPostgresImage" - "toPostgresVersion" type: "object" status: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml index 27478e883..805110827 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml @@ -3326,6 +3326,7 @@ spec: type: "string" minItems: 1 type: "array" + x-kubernetes-list-type: "set" refreshInterval: description: "RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" 
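Review bot: In `perconapgupgrades.yaml`, the three image fields become required at -1615 while remaining unconstrained strings at -1549, so an empty string satisfies the schema. Each of `toPgBackRestImage`, `toPgBouncerImage` and `toPostgresImage` should carry `minLength: 1`. The sentence "When omitted, the value comes from an operator environment variable" was removed from `toPostgresImage`, so manifests that relied on that fallback will now be rejected by validation. That deserves a line in the description or release notes. Because these strings decide which images run after the upgrade, the descriptions could also say that a digest-pinned reference is accepted, if the operator supports one; that is not visible in the hunk.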
@@ -3850,7 +3851,7 @@ spec: description: "HTTPSDConfig defines a prometheus HTTP service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config" properties: authorization: - description: "Authorization header configuration to authenticate against the target HTTP endpoint." + description: "Authorization header configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `oAuth2`, or `basicAuth`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -3874,7 +3875,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" + description: "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints\nCannot be set at the same time as `authorization`, or `oAuth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." 
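Review bot: The new description text in `scrapeconfigs.yaml` names the field `oAuth2` in both hunks (`authorization` at -3850 and `basicAuth` at -3874), while the property added in the following hunk is spelled `oauth2`. A user who copies the name from the description gets a key the schema does not define. I would write it as `Cannot be set at the same time as `oauth2`, or `basicAuth`.` and make the same change in the `basicAuth` text. The mutual exclusion is stated only in prose here. No validation rule enforcing it appears in these hunks, so it is presumably checked by the operator, if at all.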
@@ -3911,9 +3912,244 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects." + type: "boolean" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" + oauth2: + description: "Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `authorization`, or `basicAuth`." + properties: + clientId: + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. 
Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientSecret: + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + endpointParams: + additionalProperties: + type: "string" + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." + type: "object" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." + type: "string" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. 
Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use." + pattern: "^http(s)?://.+$" + type: "string" + scopes: + description: "`scopes` defines the OAuth2 scopes used for the token request." + items: + type: "string" + type: "array" + tlsConfig: + description: "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0." + properties: + ca: + description: "Certificate authority used when verifying server certificates." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. 
Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + cert: + description: "Client certificate to present when doing client-authentication." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." 
+ properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + maxVersion: + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + minVersion: + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + serverName: + description: "Used to verify the hostname for the targets." 
+ type: "string" + type: "object" + tokenUrl: + description: "`tokenURL` configures the URL to fetch the token from." + minLength: 1 + type: "string" + required: + - "clientId" + - "clientSecret" + - "tokenUrl" + type: "object" proxyConnectHeader: additionalProperties: items: diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml index 61b1fd1aa..fd26b4d45 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephnfses.yaml 
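Review bot: Under the new `oauth2.tlsConfig`, `insecureSkipVerify` is described only as "Disable target certificate validation.", and `minVersion` accepts `TLS10` and `TLS11`. This connection carries the OAuth2 client secret and the issued token, so neither the risk nor the weak protocol floor should pass without comment. I would extend the first description to `Disable target certificate validation. When true, the client secret and tokens are sent to a server whose identity is not verified.` and mark the two legacy versions as deprecated in the `minVersion` description. `followRedirects`, added in the same hunk, has no stated default. The description should say what Prometheus does when it is unset.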
@@ -556,12 +556,12 @@ spec: description: "Sidecar tells Rook to run SSSD in a sidecar alongside the NFS-Ganesha server in each NFS pod." properties: additionalFiles: - description: "AdditionalFiles defines any number of additional files that should be mounted into the SSSD\nsidecar. These files may be referenced by the sssd.conf config file." + description: "AdditionalFiles defines any number of additional files that should be mounted into the SSSD\nsidecar with a directory root of `/etc/sssd/rook-additional/`.\nThese files may be referenced by the sssd.conf config file." items: - description: "SSSDSidecarAdditionalFile represents the source from where additional files for the the SSSD\nconfiguration should come from and are made available." + description: "AdditionalVolumeMount represents the source from where additional files in pod containers\nshould come from and what subdirectory they are made available in." properties: subPath: - description: "SubPath defines the sub-path in `/etc/sssd/rook-additional/` where the additional file(s)\nwill be placed. Each subPath definition must be unique and must not contain ':'." + description: "SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will\nbe mounted. All files/keys in the volume source's volume will be mounted to the subdirectory.\nThis is not the same as the Kubernetes `subPath` volume mount option.\nEach subPath definition must be unique and must not contain ':'." minLength: 1 pattern: "^[^:]+$" type: "string" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml index 72bb8bad2..1bf284690 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml 
@@ -255,6 +255,262 @@ spec: description: "The rgw pod info" nullable: true properties: + additionalVolumeMounts: + description: "AdditionalVolumeMounts allows additional volumes to be mounted to the RGW pod.\nThe root directory for each additional volume mount is `/var/rgw`.\nExample: for an additional mount at subPath `ldap`, mounted from a secret that has key\n`bindpass.secret`, the file would reside at `/var/rgw/ldap/bindpass.secret`." + items: + description: "AdditionalVolumeMount represents the source from where additional files in pod containers\nshould come from and what subdirectory they are made available in." + properties: + subPath: + description: "SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will\nbe mounted. All files/keys in the volume source's volume will be mounted to the subdirectory.\nThis is not the same as the Kubernetes `subPath` volume mount option.\nEach subPath definition must be unique and must not contain ':'." + minLength: 1 + pattern: "^[^:]+$" + type: "string" + volumeSource: + properties: + configMap: + properties: + defaultMode: + format: "int32" + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + format: "int32" + type: "integer" + path: + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + name: + default: "" + type: "string" + optional: + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + emptyDir: + properties: + medium: + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + hostPath: + properties: + path: + type: "string" + type: + type: "string" + required: + - "path" + type: "object" + persistentVolumeClaim: + properties: + claimName: + type: "string" + readOnly: + 
type: "boolean" + required: + - "claimName" + type: "object" + projected: + properties: + defaultMode: + format: "int32" + type: "integer" + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" + configMap: + properties: + items: + items: + properties: + key: + type: "string" + mode: + format: "int32" + type: "integer" + path: + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + name: + default: "" + type: "string" + optional: + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: "string" + fieldPath: + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + format: "int32" + type: "integer" + path: + type: "string" + resourceFieldRef: + properties: + containerName: + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + type: "object" + secret: + 
properties: + items: + items: + properties: + key: + type: "string" + mode: + format: "int32" + type: "integer" + path: + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + name: + default: "" + type: "string" + optional: + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + properties: + audience: + type: "string" + expirationSeconds: + format: "int64" + type: "integer" + path: + type: "string" + required: + - "path" + type: "object" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + type: "object" + secret: + properties: + defaultMode: + format: "int32" + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + format: "int32" + type: "integer" + path: + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + required: + - "subPath" + - "volumeSource" + type: "object" + type: "array" annotations: additionalProperties: type: "string" diff --git a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml index bfb0a0933..68e862c08 100644 --- a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml +++ b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1/scyllaclusters.yaml 
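Review bot: In the `cephobjectstores.yaml` hunk, `additionalVolumeMounts[].volumeSource` admits `hostPath`, and `subPath` is checked only by `pattern: "^[^:]+$"`, so values that begin with `/` or contain `..` segments pass schema validation. Whether the operator normalises the sub-path before joining it to `/var/rgw` is not visible here. A rule on `subPath` would close that at admission, for example `x-kubernetes-validations: [{rule: "!self.startsWith('/') && !self.contains('..')"}]`. The `additionalVolumeMounts` description should also state that `hostPath` sources expose node files to the RGW pod, so that cluster admins know to restrict who may edit CephObjectStore objects.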
@@ -1901,7 +1901,7 @@ spec: type: "string" type: "array" exposeOptions: - description: "exposeOptions specifies options for exposing ScyllaCluster services. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field." + description: "exposeOptions specifies options for exposing ScyllaCluster services. This field is immutable. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field." properties: broadcastOptions: description: "BroadcastOptions defines how ScyllaDB node publishes its IP address to other nodes and clients." diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml index f680f6ea1..070ea9d97 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml @@ -133,6 +133,8 @@ spec: properties: connectionString: type: "string" + scoreThreshold: + type: "number" type: "object" type: "object" embedding: @@ -153,6 +155,9 @@ spec: type: "object" type: "object" type: "object" + mode: + type: "string" + x-kubernetes-int-or-string: true ttl: maximum: 4294967295.0 minimum: 0.0 diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml index 9df3e5928..fb119e1f8 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml @@ -243,6 +243,8 @@ spec: properties: connectionString: type: "string" + scoreThreshold: + type: "number" type: "object" type: "object" embedding: @@ -263,6 +265,9 @@ spec: type: "object" type: "object" type: "object" + mode: + type: "string" + x-kubernetes-int-or-string: true ttl: maximum: 4294967295.0 minimum: 0.0 diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml index 0193e70ec..94e817615 100644 
--- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml @@ -3247,6 +3247,8 @@ spec: properties: connectionString: type: "string" + scoreThreshold: + type: "number" type: "object" type: "object" embedding: @@ -3267,6 +3269,9 @@ spec: type: "object" type: "object" type: "object" + mode: + type: "string" + x-kubernetes-int-or-string: true ttl: maximum: 4294967295.0 minimum: 0.0 diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1alpha1/kafkausers.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1alpha1/kafkausers.yaml index aa6d00711..19d74a0f9 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1alpha1/kafkausers.yaml +++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1alpha1/kafkausers.yaml @@ -112,7 +112,7 @@ spec: - "All" type: "string" operations: - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." items: enum: - "Read" diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta1/kafkausers.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta1/kafkausers.yaml index 370a2e9c1..02d4d768f 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta1/kafkausers.yaml +++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta1/kafkausers.yaml 
@@ -112,7 +112,7 @@ spec: - "All" type: "string" operations: - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." items: enum: - "Read" diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkabridges.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkabridges.yaml index 292b46f89..a47090868 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkabridges.yaml +++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkabridges.yaml @@ -77,6 +77,9 @@ spec: accessTokenIsJwt: description: "Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`." type: "boolean" + accessTokenLocation: + description: "Path to the token file containing an access token to be used for authentication." + type: "string" audience: description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." type: "string" 
@@ -97,6 +100,25 @@ spec: - "certificate" - "key" type: "object" + clientAssertion: + description: "Link to Kubernetes secret containing the client assertion which was manually configured for the client." + properties: + key: + description: "The key under which the secret value is stored in the Kubernetes Secret." + type: "string" + secretName: + description: "The name of the Kubernetes Secret containing the secret value." + type: "string" + required: + - "key" + - "secretName" + type: "object" + clientAssertionLocation: + description: "Path to the file containing the client assertion to be used for authentication." + type: "string" + clientAssertionType: + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." + type: "string" clientId: description: "OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI." type: "string" @@ -163,6 +185,11 @@ spec: - "key" - "secretName" type: "object" + saslExtensions: + additionalProperties: + type: "string" + description: "SASL extensions parameters." + type: "object" scope: description: "OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request." type: "string" @@ -224,7 +251,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true enabled: - description: "Whether the HTTP consumer should be enabled or disabled, default is enabled." + description: "Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`)." type: "boolean" timeoutSeconds: description: "The timeout in seconds for deleting inactive consumers, default is -1 (disabled)." 
@@ -356,7 +383,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true enabled: - description: "Whether the HTTP producer should be enabled or disabled, default is enabled." + description: "Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`)." type: "boolean" type: "object" rack: @@ -540,6 +567,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" clusterRoleBinding: description: "Template for the Kafka Bridge ClusterRoleBinding." @@ -663,6 +710,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" pod: description: "Template for Kafka Bridge `Pods`." 
@@ -1107,7 +1174,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -1168,6 +1235,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for Kafka Bridge `PodDisruptionBudget`." diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkaconnects.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkaconnects.yaml index 5ed7e0e16..497cc6007 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkaconnects.yaml +++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkaconnects.yaml 
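Review bot: The `oneOf` in the new `volumes` item schema has a single branch with `required: []`, so it accepts any object and does not enforce that exactly one of `configMap`, `emptyDir`, `persistentVolumeClaim` or `secret` is set. `name` is described as "Required." but is not in any `required` list, so an item with no name, no source or several sources passes API-server validation and is presumably caught only by the operator. At minimum I would add `required: - "name"` at the item level. The same schema is repeated in the `volumes` hunks for kafkaconnects, kafkamirrormaker2s, kafkamirrormakers and kafkas. For consumers, the field also means that write access to these custom resources allows mounting any Secret or ConfigMap in the namespace into the operand pod, so RBAC on these resources should be as tight as RBAC on the Secrets themselves.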
@@ -64,6 +64,9 @@ spec: accessTokenIsJwt: description: "Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`." type: "boolean" + accessTokenLocation: + description: "Path to the token file containing an access token to be used for authentication." + type: "string" audience: description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." type: "string" @@ -84,6 +87,25 @@ spec: - "certificate" - "key" type: "object" + clientAssertion: + description: "Link to Kubernetes secret containing the client assertion which was manually configured for the client." + properties: + key: + description: "The key under which the secret value is stored in the Kubernetes Secret." + type: "string" + secretName: + description: "The name of the Kubernetes Secret containing the secret value." + type: "string" + required: + - "key" + - "secretName" + type: "object" + clientAssertionLocation: + description: "Path to the file containing the client assertion to be used for authentication." + type: "string" + clientAssertionType: + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." + type: "string" clientId: description: "OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI." type: "string" 
@@ -150,6 +172,11 @@ spec: - "key" - "secretName" type: "object" + saslExtensions: + additionalProperties: + type: "string" + description: "SASL extensions parameters." + type: "object" scope: description: "OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request." type: "string" @@ -609,7 +636,7 @@ spec: type: "object" type: "object" template: - description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." + description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." properties: apiService: description: "Template for Kafka Connect API `Service`." @@ -745,6 +772,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" buildPod: description: "Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes." 
@@ -1189,7 +1236,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -1250,6 +1297,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" buildServiceAccount: description: "Template for the Kafka Connect Build service account." 
@@ -1367,6 +1493,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" deployment: description: "Template for Kafka Connect `Deployment`." @@ -1505,6 +1651,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" jmxSecret: description: "Template for Secret of the Kafka Connect Cluster JMX authentication." @@ -1967,7 +2133,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -2028,6 +2194,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for Kafka Connect `PodDisruptionBudget`." diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormaker2s.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormaker2s.yaml index 9d70e8d93..9f72d4c9d 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormaker2s.yaml 
+++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormaker2s.yaml @@ -75,6 +75,9 @@ spec: accessTokenIsJwt: description: "Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`." type: "boolean" + accessTokenLocation: + description: "Path to the token file containing an access token to be used for authentication." + type: "string" audience: description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." type: "string" @@ -95,6 +98,25 @@ spec: - "certificate" - "key" type: "object" + clientAssertion: + description: "Link to Kubernetes secret containing the client assertion which was manually configured for the client." + properties: + key: + description: "The key under which the secret value is stored in the Kubernetes Secret." + type: "string" + secretName: + description: "The name of the Kubernetes Secret containing the secret value." + type: "string" + required: + - "key" + - "secretName" + type: "object" + clientAssertionLocation: + description: "Path to the file containing the client assertion to be used for authentication." + type: "string" + clientAssertionType: + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." + type: "string" clientId: description: "OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI." type: "string" 
@@ -161,6 +183,11 @@ spec: - "key" - "secretName" type: "object" + saslExtensions: + additionalProperties: + type: "string" + description: "SASL extensions parameters." + type: "object" scope: description: "OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request." type: "string" @@ -671,7 +698,7 @@ spec: type: "object" type: "object" template: - description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." + description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." properties: apiService: description: "Template for Kafka Connect API `Service`." @@ -807,6 +834,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" buildPod: description: "Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes." 
@@ -1251,7 +1298,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -1312,6 +1359,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" buildServiceAccount: description: "Template for the Kafka Connect Build service account." 
@@ -1429,6 +1555,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" deployment: description: "Template for Kafka Connect `Deployment`." @@ -1567,6 +1713,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" jmxSecret: description: "Template for Secret of the Kafka Connect Cluster JMX authentication." @@ -2029,7 +2195,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -2090,6 +2256,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for Kafka Connect `PodDisruptionBudget`." diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormakers.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormakers.yaml index 5d5adbd4c..d3141c805 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormakers.yaml 
+++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkamirrormakers.yaml @@ -86,6 +86,9 @@ spec: accessTokenIsJwt: description: "Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`." type: "boolean" + accessTokenLocation: + description: "Path to the token file containing an access token to be used for authentication." + type: "string" audience: description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." type: "string" @@ -106,6 +109,25 @@ spec: - "certificate" - "key" type: "object" + clientAssertion: + description: "Link to Kubernetes secret containing the client assertion which was manually configured for the client." + properties: + key: + description: "The key under which the secret value is stored in the Kubernetes Secret." + type: "string" + secretName: + description: "The name of the Kubernetes Secret containing the secret value." + type: "string" + required: + - "key" + - "secretName" + type: "object" + clientAssertionLocation: + description: "Path to the file containing the client assertion to be used for authentication." + type: "string" + clientAssertionType: + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." + type: "string" clientId: description: "OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI." type: "string" 
@@ -172,6 +194,11 @@ spec: - "key" - "secretName" type: "object" + saslExtensions: + additionalProperties: + type: "string" + description: "SASL extensions parameters." + type: "object" scope: description: "OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request." type: "string" @@ -414,6 +441,9 @@ spec: accessTokenIsJwt: description: "Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`." type: "boolean" + accessTokenLocation: + description: "Path to the token file containing an access token to be used for authentication." + type: "string" audience: description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." type: "string" 
@@ -434,6 +464,25 @@ spec: - "certificate" - "key" type: "object" + clientAssertion: + description: "Link to Kubernetes secret containing the client assertion which was manually configured for the client." + properties: + key: + description: "The key under which the secret value is stored in the Kubernetes Secret." + type: "string" + secretName: + description: "The name of the Kubernetes Secret containing the secret value." + type: "string" + required: + - "key" + - "secretName" + type: "object" + clientAssertionLocation: + description: "Path to the file containing the client assertion to be used for authentication." + type: "string" + clientAssertionType: + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." + type: "string" clientId: description: "OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI." type: "string" @@ -500,6 +549,11 @@ spec: - "key" - "secretName" type: "object" + saslExtensions: + additionalProperties: + type: "string" + description: "SASL extensions parameters." + type: "object" scope: description: "OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request." type: "string" 
@@ -749,6 +803,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" pod: description: "Template for Kafka MirrorMaker `Pods`." @@ -1193,7 +1267,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -1254,6 +1328,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for Kafka MirrorMaker `PodDisruptionBudget`." diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkas.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkas.yaml index 55c59e0c9..0bef7671c 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkas.yaml +++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkas.yaml 
@@ -108,6 +108,32 @@ spec: cruiseControl: description: "Configuration for Cruise Control deployment. Deploys a Cruise Control instance when specified." properties: + apiUsers: + description: "Configuration of the Cruise Control REST API users." + properties: + type: + description: "Type of the Cruise Control API users configuration. Supported format is: `hashLoginService`." + enum: + - "hashLoginService" + type: "string" + valueFrom: + description: "Secret from which the custom Cruise Control API authentication credentials are read." + properties: + secretKeyRef: + description: "Selects a key of a Secret in the resource's namespace." + properties: + key: + type: "string" + name: + type: "string" + optional: + type: "boolean" + type: "object" + type: "object" + required: + - "type" + - "valueFrom" + type: "object" brokerCapacity: description: "The Cruise Control `brokerCapacity` configuration." properties: @@ -445,6 +471,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" deployment: description: "Template for Cruise Control `Deployment`." 
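Review bot: In the `apiUsers` hunk, `valueFrom` is required but nothing beneath it is. `secretKeyRef` is not required, and neither are its `key` and `name`, so `valueFrom: {}` satisfies the schema even though the description says the Cruise Control API credentials are read from that Secret. For an authentication setting, an empty reference should be rejected at admission rather than at reconcile time, so I would add `required: - "key" - "name"` under `secretKeyRef` and `required: - "secretKeyRef"` under `valueFrom`. How the operator treats a missing or `optional: true` reference is not visible in this diff and should be checked before relying on the schema alone.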
@@ -913,7 +959,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -974,6 +1020,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for Cruise Control `PodDisruptionBudget`." 
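Review bot: The `oneOf` in the new `volumes` items has a single branch whose properties are all `{}` with `required: []`, which every object satisfies, so the schema does not stop a volume from setting several sources (for example both `secret` and `persistentVolumeClaim`) or none at all. `name` is described as "Required." but is not listed under `required` either. If exclusivity is intended, one branch per source such as `- required: ["secret"]`, plus `required: ["name"]` on the item, would express it in the schema; otherwise the check rests entirely on the operator. The same block recurs in the hunks at -1744, -3189, -5024, -5848 and -6751, and the `secret` description there reads "Secret to use populate the volume." (missing "to").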
@@ -1095,6 +1220,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" type: "object" tlsSidecar: @@ -1683,7 +1828,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -1744,6 +1889,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" serviceAccount: description: "Template for the Entity Operator service account." 
@@ -1843,6 +2067,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" topicOperatorContainer: description: "Template for the Entity Topic Operator container." @@ -1924,6 +2168,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" topicOperatorRoleBinding: description: "Template for the Entity Topic Operator RoleBinding." @@ -2023,6 +2287,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" userOperatorRoleBinding: description: "Template for the Entity Topic Operator RoleBinding." 
@@ -2660,6 +2944,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" deployment: description: "Template for JmxTrans `Deployment`." @@ -3128,7 +3432,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -3189,6 +3493,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" serviceAccount: description: "Template for the JmxTrans service account." @@ -3390,7 +3773,7 @@ spec: type: "array" type: "object" listeners: - description: "Configures listeners of Kafka brokers." + description: "Configures listeners to provide access to Kafka brokers." items: properties: authentication: 
@@ -3455,7 +3838,7 @@ spec: description: "Enable or disable termination of Kafka broker processes due to potentially recoverable runtime errors during startup. Default value is `true`." type: "boolean" fallbackUserNameClaim: - description: "The fallback username claim to be used for the user id if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client id being provided in another claim. It only takes effect if `userNameClaim` is set." + description: "The fallback username claim to be used for the user ID if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client ID being provided in another claim. It only takes effect if `userNameClaim` is set." type: "string" fallbackUserNamePrefix: description: "The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions." @@ -3497,7 +3880,7 @@ spec: minimum: 1.0 type: "integer" listenerConfig: - description: "Configuration to be used for a specific listener. All values are prefixed with listener.name.__." + description: "Configuration to be used for a specific listener. All values are prefixed with `listener.name.`." type: "object" x-kubernetes-preserve-unknown-fields: true maxSecondsWithoutReauthentication: @@ -3510,7 +3893,7 @@ spec: description: "Enable or disable SASL on this listener." type: "boolean" secrets: - description: "Secrets to be mounted to /opt/kafka/custom-authn-secrets/custom-listener-_-_/__." + description: "Secrets to be mounted to `/opt/kafka/custom-authn-secrets/custom-listener--/`." items: properties: key: 
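Review bot: The rewritten `secrets` description in the hunk at -3510 gives the mount path as `/opt/kafka/custom-authn-secrets/custom-listener--/`, with nothing between the hyphens or after the final slash, so the variable parts of the path are no longer shown. The previous text had `_-_/__` in the same positions, which suggests placeholder names were stripped during generation. The `listenerConfig` description in the hunk at -3497 (`listener.name.`) has the same gap. Restoring named placeholders, e.g. `custom-listener-<listener_name>-<port>/<secret_name>` (names to be confirmed against the operator), would tell users where each mounted Secret ends up inside the broker container.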
@@ -3524,6 +3907,9 @@ spec: - "secretName" type: "object" type: "array" + serverBearerTokenLocation: + description: "Path to the file on the local filesystem that contains a bearer token to be used instead of client ID and secret when authenticating to authorization server." + type: "string" tlsTrustedCertificates: description: "Trusted certificates for TLS connection to the OAuth server." items: @@ -3567,6 +3953,9 @@ spec: userNameClaim: description: "Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`." type: "string" + userNamePrefix: + description: "The prefix to use with the value of `userNameClaim` to construct the user ID. This only takes effect if `userNameClaim` is specified and the value is present for the claim. When used in combination with `fallbackUserNameClaims`, it ensures consistent mapping of usernames and client IDs into the same user ID space and prevents name collisions." + type: "string" validIssuerUri: description: "URI of the token issuer used for authentication." type: "string" 
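Review bot: The new `userNamePrefix` description in the hunk at -3567 refers to `fallbackUserNameClaims`, but the property defined in this schema is `fallbackUserNameClaim` (singular). The collision avoidance it describes presumably also relies on the sibling `fallbackUserNamePrefix`. Because these prefixes decide which principal an OAuth token maps to, the text should name the real properties, e.g. "When used in combination with `fallbackUserNameClaim` and `fallbackUserNamePrefix`, it ensures ...". The enclosing `authentication` properties block starts outside the hunk.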
@@ -3590,26 +3979,26 @@ spec: annotations: additionalProperties: type: "string" - description: "Annotations that will be added to the `Ingress`, `Route`, or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." + description: "Annotations added to `Ingress`, `Route`, or `Service` resources. You can use this property to configure DNS providers such as External DNS. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." type: "object" externalIPs: - description: "External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This field is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. This field can only be used with `nodeport` type listener." + description: "External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This property is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. For `nodeport` listeners only." items: type: "string" type: "array" host: - description: "The bootstrap host. This field will be used in the Ingress resource or in the Route resource to specify the desired hostname. This field can be used only with `route` (optional) or `ingress` (required) type listeners." + description: "Specifies the hostname used for the bootstrap resource. For `route` (optional) or `ingress` (required) listeners only. Ensure the hostname resolves to the Ingress endpoints; no validation is performed by Strimzi." 
type: "string" labels: additionalProperties: type: "string" - description: "Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." + description: "Labels added to `Ingress`, `Route`, or `Service` resources. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." type: "object" loadBalancerIP: - description: "The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.This field can be used only with `loadbalancer` type listener." + description: "The loadbalancer is requested with the IP address specified in this property. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This property is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only." type: "string" nodePort: - description: "Node port for the bootstrap service. This field can be used only with `nodeport` type listener." + description: "Node port for the bootstrap service. For `nodeport` listeners only." type: "integer" type: "object" brokerCertChainAndKey: 
@@ -3671,19 +4060,19 @@ spec: type: "object" type: "array" class: - description: "Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller will be used. This field can only be used with `ingress` and `loadbalancer` type listeners. If not specified, the default controller is used. For an `ingress` listener, set the `ingressClassName` property in the `Ingress` resources. For a `loadbalancer` listener, set the `loadBalancerClass` property in the `Service` resources." + description: "Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller is used. If not specified, the default controller is used.\n\n* For an `ingress` listener, the operator uses this property to set the `ingressClassName` property in the `Ingress` resources.\n* For a `loadbalancer` listener, the operator uses this property to set the `loadBalancerClass` property in the `Service` resources.\n\nFor `ingress` and `loadbalancer` listeners only." type: "string" createBootstrapService: - description: "Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadBalancer` type listener." + description: "Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadbalancer` listener." type: "boolean" externalTrafficPolicy: - description: "Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. `Cluster` may cause a second hop to another node and obscures the client source IP. `Local` avoids a second hop for LoadBalancer and Nodeport type services and preserves the client source IP (when supported by the infrastructure). If unspecified, Kubernetes will use `Cluster` as the default.This field can be used only with `loadbalancer` or `nodeport` type listener." 
+ description: "Specifies whether the service routes external traffic to cluster-wide or node-local endpoints:\n\n* `Cluster` may cause a second hop to another node and obscures the client source IP.\n* `Local` avoids a second hop for `LoadBalancer` and `Nodeport` type services and preserves the client source IP (when supported by the infrastructure).\n\nIf unspecified, Kubernetes uses `Cluster` as the default. For `loadbalancer` or `nodeport` listeners only." enum: - "Local" - "Cluster" type: "string" finalizers: - description: "A list of finalizers which will be configured for the `LoadBalancer` type Services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. This field can be used only with `loadbalancer` type listeners." + description: "A list of finalizers configured for the `LoadBalancer` type services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. For `loadbalancer` listeners only." items: type: "string" type: "array" 
@@ -3696,14 +4085,14 @@ spec: type: "string" type: "array" ipFamilyPolicy: - description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type." + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`:\n\n* `SingleStack` is for a single IP family.\n* `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters.\n* `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters.\n\nIf unspecified, Kubernetes will choose the default value based on the service type." enum: - "SingleStack" - "PreferDualStack" - "RequireDualStack" type: "string" loadBalancerSourceRanges: - description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to load balancer type listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. This field can be used only with `loadbalancer` type listener." + description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to loadbalancer listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. 
This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only." items: type: "string" type: "array" @@ -3714,7 +4103,7 @@ spec: description: "The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached." type: "integer" preferredNodePortAddressType: - description: "Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses will be used in the following order (the first one found will be used):\n\n* `ExternalDNS`\n* `ExternalIP`\n* `InternalDNS`\n* `InternalIP`\n* `Hostname`\n\nThis field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with `nodeport` type listener." + description: "Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses are used in the following order (the first one found is used):\n\n* `ExternalDNS`\n* `ExternalIP`\n* `InternalDNS`\n* `InternalIP`\n* `Hostname`\n\nThis property is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order.For `nodeport` listeners only." enum: - "ExternalIP" - "ExternalDNS" 
@@ -3723,10 +4112,10 @@ spec: - "Hostname" type: "string" publishNotReadyAddresses: - description: "Configures whether the service endpoints are considered \"ready\" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` type listeners." + description: "Configures whether the service endpoints are considered \"ready\" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` listeners." type: "boolean" useServiceDnsDomain: - description: "Configures whether the Kubernetes service DNS domain should be used or not. If set to `true`, the generated addresses will contain the service DNS domain suffix (by default `.cluster.local`, can be configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to `false`.This field can be used only with `internal` and `cluster-ip` type listeners." + description: "Configures whether the Kubernetes service DNS domain should be included in the generated addresses.\n\n* If set to `false`, the generated addresses do not contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc`.\n* If set to `true`, the generated addresses contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc.cluster.local`.\n\nThe default is `.cluster.local`, but this is customizable using the environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`. For `internal` and `cluster-ip` listeners only." type: "boolean" type: "object" name: 
@@ -3793,7 +4182,7 @@ spec: minimum: 9092.0 type: "integer" tls: - description: "Enables TLS encryption on the listener. This is a required property." + description: "Enables TLS encryption on the listener. This is a required property. For `route` and `ingress` type listeners, TLS encryption must be always enabled." type: "boolean" type: description: "Type of the listener. The supported types are as follows: \n\n* `internal` type exposes Kafka internally only within the Kubernetes cluster.\n* `route` type uses OpenShift Routes to expose Kafka.\n* `loadbalancer` type uses LoadBalancer type services to expose Kafka.\n* `nodeport` type uses NodePort type services to expose Kafka.\n* `ingress` type uses Kubernetes Nginx Ingress to expose Kafka with TLS passthrough.\n* `cluster-ip` type uses a per-broker `ClusterIP` service.\n" @@ -4023,7 +4412,7 @@ spec: - "shared" type: "string" overrides: - description: "Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers." + description: "Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers." items: properties: broker: @@ -4073,7 +4462,7 @@ spec: - "shared" type: "string" overrides: - description: "Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers." + description: "Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers." items: properties: broker: 
@@ -4348,6 +4737,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" jmxSecret: description: "Template for Secret of the Kafka Cluster JMX authentication." @@ -4447,6 +4856,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" perPodIngress: description: "Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes." @@ -4963,7 +5392,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -5024,6 +5453,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for Kafka `PodDisruptionBudget`." 
@@ -5319,6 +5827,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" deployment: description: "Template for Kafka Exporter `Deployment`." @@ -5787,7 +6315,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -5848,6 +6376,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" service: description: "Template for Kafka Exporter `Service`." @@ -6110,7 +6717,7 @@ spec: - "shared" type: "string" overrides: - description: "Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers." + description: "Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers." items: properties: broker: 
@@ -6690,7 +7297,7 @@ spec: minimum: 0.0 type: "integer" tmpDirSizeLimit: - description: "Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`." + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" type: "string" tolerations: 
@@ -6751,6 +7358,85 @@ spec: type: "string" type: "object" type: "array" + volumes: + description: "Additional volumes that can be mounted to the pod." + items: + oneOf: + - properties: + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + secret: {} + required: [] + properties: + configMap: + description: "ConfigMap to use to populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + name: + type: "string" + optional: + type: "boolean" + type: "object" + emptyDir: + description: "EmptyDir to use to populate the volume." + properties: + medium: + type: "string" + sizeLimit: + properties: + amount: + type: "string" + format: + type: "string" + type: "object" + type: "object" + name: + description: "Name to use for the volume. Required." + type: "string" + persistentVolumeClaim: + description: "PersistentVolumeClaim object to use to populate the volume." + properties: + claimName: + type: "string" + readOnly: + type: "boolean" + type: "object" + secret: + description: "Secret to use populate the volume." + properties: + defaultMode: + type: "integer" + items: + items: + properties: + key: + type: "string" + mode: + type: "integer" + path: + type: "string" + type: "object" + type: "array" + optional: + type: "boolean" + secretName: + type: "string" + type: "object" + type: "object" + type: "array" type: "object" podDisruptionBudget: description: "Template for ZooKeeper `PodDisruptionBudget`." 
@@ -6914,6 +7600,26 @@ spec: type: "string" type: "object" type: "object" + volumeMounts: + description: "Additional volume mounts which should be applied to the container." + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + type: "object" + type: "array" type: "object" type: "object" required: @@ -7013,6 +7719,11 @@ spec: operatorLastSuccessfulVersion: description: "The version of the Strimzi Cluster Operator which performed the last successful reconciliation." type: "string" + registeredNodeIds: + description: "Registered node IDs used by this Kafka cluster. This field is used for internal purposes only and will be removed in the future." + items: + type: "integer" + type: "array" type: "object" type: "object" served: true diff --git a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkausers.yaml b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkausers.yaml index c4468c4a4..e2f754eb0 100644 --- a/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkausers.yaml +++ b/crd-catalog/strimzi/strimzi-kafka-operator/kafka.strimzi.io/v1beta2/kafkausers.yaml @@ -112,7 +112,7 @@ spec: - "All" type: "string" operations: - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." items: enum: - "Read" 
diff --git a/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml b/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml index 1d76ee067..2a6102447 100644 --- a/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml +++ b/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml @@ -672,6 +672,9 @@ spec: default: false description: "DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.\nDefault: false" type: "boolean" + disableNewAllocations: + description: "DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.\nThis is useful when you want to prevent new pods from receiving IP addresses from this pool, without\nimpacting any existing pods that have already been assigned addresses from this pool." + type: "boolean" encapsulation: description: "Encapsulation specifies the encapsulation type that will be used with\nthe IP Pool.\nDefault: IPIP" enum: @@ -5127,6 +5130,9 @@ spec: default: false description: "DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.\nDefault: false" type: "boolean" + disableNewAllocations: + description: "DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.\nThis is useful when you want to prevent new pods from receiving IP addresses from this pool, without\nimpacting any existing pods that have already been assigned addresses from this pool." + type: "boolean" encapsulation: description: "Encapsulation specifies the encapsulation type that will be used with\nthe IP Pool.\nDefault: IPIP" enum: diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml index c8ee4f202..b9000524d 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutes.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ingressroutes.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutetcps.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutetcps.yaml index 824af9d0a..09fcfce1e 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutetcps.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressroutetcps.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ingressroutetcps.traefik.io" spec: group: "traefik.io" 
@@ -94,7 +94,7 @@ spec: description: "ServersTransport defines the name of ServersTransportTCP resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service." type: "string" terminationDelay: - description: "TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates\nit has closed the writing capability of its connection, to close the reading capability as well,\nhence fully terminating the connection.\nIt is a duration in milliseconds, defaulting to 100.\nA negative value means an infinite deadline (i.e. the reading capability is never closed).\nDeprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead." + description: "TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates\nit has closed the writing capability of its connection, to close the reading capability as well,\nhence fully terminating the connection.\nIt is a duration in milliseconds, defaulting to 100.\nA negative value means an infinite deadline (i.e. the reading capability is never closed).\nDeprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead." type: "integer" tls: description: "TLS determines whether to use TLS when dialing with the backend." diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressrouteudps.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressrouteudps.yaml index 515cab076..6f84d6bb7 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressrouteudps.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/ingressrouteudps.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "ingressrouteudps.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml index 64244cdbe..424a208b2 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewares.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "middlewares.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewaretcps.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewaretcps.yaml index d0c6d5698..921687d11 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewaretcps.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/middlewaretcps.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "middlewaretcps.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransports.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransports.yaml index f8f7e23be..0a6ec64fe 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransports.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransports.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "serverstransports.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransporttcps.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransporttcps.yaml index 8ab8470b6..0941025cb 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransporttcps.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/serverstransporttcps.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "serverstransporttcps.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsoptions.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsoptions.yaml index abffbfe89..8e642574e 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsoptions.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsoptions.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "tlsoptions.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsstores.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsstores.yaml index 60807c15f..f53765cd1 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsstores.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/tlsstores.yaml 
@@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "tlsstores.traefik.io" spec: group: "traefik.io" diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml index d5037bdfe..3b8bb4bdb 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "traefikservices.traefik.io" spec: group: "traefik.io" diff --git a/kube-custom-resources-rs/src/agent_k8s_elastic_co/v1alpha1/agents.rs b/kube-custom-resources-rs/src/agent_k8s_elastic_co/v1alpha1/agents.rs index c756b2c4a..b38439f54 100644 --- a/kube-custom-resources-rs/src/agent_k8s_elastic_co/v1alpha1/agents.rs +++ b/kube-custom-resources-rs/src/agent_k8s_elastic_co/v1alpha1/agents.rs 
@@ -234,9 +234,11 @@ pub struct AgentDaemonSetPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -247,11 +249,9 @@ pub struct AgentDaemonSetPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -266,6 +266,7 @@ pub struct AgentDaemonSetPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -318,11 +319,9 @@ pub struct AgentDaemonSetPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -347,7 +346,6 @@ pub struct AgentDaemonSetPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -611,7 +609,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAffinityPreferredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -622,7 +620,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAffinityPreferredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -732,7 +730,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAffinityRequiredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -743,7 +741,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAffinityRequiredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -884,7 +882,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -895,7 +893,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1005,7 +1003,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1016,7 +1014,7 @@ pub struct AgentDaemonSetPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1322,9 +1320,7 @@ pub struct AgentDaemonSetPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1367,9 +1363,7 @@ pub struct AgentDaemonSetPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1398,9 +1392,7 @@ pub struct AgentDaemonSetPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1415,9 +1407,7 @@ pub struct AgentDaemonSetPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1702,7 +1692,6 @@ pub struct AgentDaemonSetPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1853,7 +1842,6 @@ pub struct AgentDaemonSetPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1925,11 +1913,9 @@ pub struct AgentDaemonSetPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -1952,6 +1938,11 @@ pub struct AgentDaemonSetPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -1985,7 +1976,7 @@ pub struct AgentDaemonSetPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2108,7 +2099,6 @@ pub struct AgentDaemonSetPodTemplateSpecContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2220,7 +2210,6 @@ pub struct AgentDaemonSetPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2305,10 +2294,8 @@ pub struct AgentDaemonSetPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2316,11 +2303,9 @@ pub struct AgentDaemonSetPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2375,7 +2360,6 @@ pub struct AgentDaemonSetPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2476,7 +2460,6 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2567,9 +2550,7 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersEnvValueFromConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2612,9 +2593,7 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersEnvValueFromSecretKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -2643,9 +2622,7 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2660,9 +2637,7 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2943,7 +2918,6 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3091,7 +3065,6 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3162,11 +3135,9 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3189,6 +3160,11 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3221,7 +3197,7 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3344,7 +3320,6 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersSecurityContextSeccom /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3450,7 +3425,6 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3535,10 +3509,8 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3546,11 +3518,9 @@ pub struct AgentDaemonSetPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3585,9 +3555,7 @@ pub struct AgentDaemonSetPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3808,9 +3776,7 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -3853,9 +3819,7 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3884,9 +3848,7 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -3901,9 +3863,7 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4188,7 +4148,6 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4339,7 +4298,6 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4411,11 +4369,9 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4438,6 +4394,11 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4471,7 +4432,7 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4594,7 +4555,6 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersSecurityContextSeccompProf /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4706,7 +4666,6 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -4791,10 +4750,8 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4802,11 +4759,9 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4825,11 +4780,9 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -4844,6 +4797,7 @@ pub struct AgentDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -4871,7 +4825,10 @@ pub struct AgentDaemonSetPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -4879,32 +4836,28 @@ pub struct AgentDaemonSetPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct AgentDaemonSetPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -4929,12 +4882,10 @@ pub struct AgentDaemonSetPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -4984,15 +4935,24 @@ pub struct AgentDaemonSetPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5060,7 +5020,6 @@ pub struct AgentDaemonSetPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5152,7 +5111,6 @@ pub struct AgentDaemonSetPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5186,7 +5144,6 @@ pub struct AgentDaemonSetPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -5202,7 +5159,6 @@ pub struct AgentDaemonSetPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5213,7 +5169,6 @@ pub struct AgentDaemonSetPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5322,7 +5277,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5333,17 +5287,14 @@ pub struct AgentDaemonSetPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5378,11 +5329,24 @@ pub struct AgentDaemonSetPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5441,7 +5405,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5537,9 +5500,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5577,9 +5538,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5609,9 +5568,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -5678,9 +5635,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5774,7 +5729,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5785,17 +5739,14 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5808,7 +5759,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5818,11 +5768,9 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -5836,7 +5784,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5846,11 +5793,9 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDaemonSetPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -5953,7 +5898,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6082,7 +6027,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6139,9 +6083,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6167,7 +6109,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6229,9 +6170,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDaemonSetPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6245,6 +6183,39 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AgentDaemonSetPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -6260,7 +6231,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6300,9 +6270,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6380,25 +6348,24 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDaemonSetPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6423,14 +6390,11 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6513,9 +6477,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6614,9 +6576,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6701,7 +6661,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -6748,9 +6707,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6803,9 +6760,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6899,9 +6854,7 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6929,10 +6882,6 @@ pub struct AgentDaemonSetPodTemplateSpecVolumesVsphereVolume { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDaemonSetUpdateStrategy { /// Rolling update config params. Present only if type = "RollingUpdate". - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. Same as Deployment `strategy.rollingUpdate`. - /// See https://github.com/kubernetes/kubernetes/issues/35345 #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. 
@@ -6941,10 +6890,6 @@ pub struct AgentDaemonSetUpdateStrategy { } /// Rolling update config params. Present only if type = "RollingUpdate". -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. Same as Deployment `strategy.rollingUpdate`. -/// See https://github.com/kubernetes/kubernetes/issues/35345 #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDaemonSetUpdateStrategyRollingUpdate { /// The maximum number of nodes with an existing available DaemonSet pod that @@ -7124,9 +7069,11 @@ pub struct AgentDeploymentPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. 
@@ -7137,11 +7084,9 @@ pub struct AgentDeploymentPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -7156,6 +7101,7 @@ pub struct AgentDeploymentPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -7208,11 +7154,9 @@ pub struct AgentDeploymentPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -7237,7 +7181,6 @@ pub struct AgentDeploymentPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, 
@@ -7501,7 +7444,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7512,7 +7455,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -7622,7 +7565,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7633,7 +7576,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -7774,7 +7717,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7785,7 +7728,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -7895,7 +7838,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7906,7 +7849,7 @@ pub struct AgentDeploymentPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -8212,9 +8155,7 @@ pub struct AgentDeploymentPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8257,9 +8198,7 @@ pub struct AgentDeploymentPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -8288,9 +8227,7 @@ pub struct AgentDeploymentPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -8305,9 +8242,7 @@ pub struct AgentDeploymentPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -8592,7 +8527,6 @@ pub struct AgentDeploymentPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -8743,7 +8677,6 @@ pub struct AgentDeploymentPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8815,11 +8748,9 @@ pub struct AgentDeploymentPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -8842,6 +8773,11 @@ pub struct AgentDeploymentPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. 
@@ -8875,7 +8811,7 @@ pub struct AgentDeploymentPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -8998,7 +8934,6 @@ pub struct AgentDeploymentPodTemplateSpecContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -9110,7 +9045,6 @@ pub struct AgentDeploymentPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9195,10 +9129,8 @@ pub struct AgentDeploymentPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -9206,11 +9138,9 @@ pub struct AgentDeploymentPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -9265,7 +9195,6 @@ pub struct AgentDeploymentPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -9366,7 +9295,6 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] 
@@ -9457,9 +9385,7 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersEnvValueFromConfigMa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9502,9 +9428,7 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersEnvValueFromSecretKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -9533,9 +9457,7 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersEnvFromConfigMapRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -9550,9 +9472,7 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -9833,7 +9753,6 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -9981,7 +9900,6 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -10052,11 +9970,9 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -10079,6 +9995,11 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -10111,7 +10032,7 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -10234,7 +10155,6 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersSecurityContextSecco /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -10340,7 +10260,6 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -10425,10 +10344,8 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -10436,11 +10353,9 @@ pub struct AgentDeploymentPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -10475,9 +10390,7 @@ pub struct AgentDeploymentPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -10698,9 +10611,7 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersEnvValueFromConfigMapKeyR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -10743,9 +10654,7 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersEnvValueFromSecretKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -10774,9 +10683,7 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -10791,9 +10698,7 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -11078,7 +10983,6 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -11229,7 +11133,6 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -11301,11 +11204,9 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -11328,6 +11229,11 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -11361,7 +11267,7 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -11484,7 +11390,6 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersSecurityContextSeccompPro /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -11596,7 +11501,6 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -11681,10 +11585,8 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -11692,11 +11594,9 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -11715,11 +11615,9 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -11734,6 +11632,7 @@ pub struct AgentDeploymentPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -11761,7 +11660,10 @@ pub struct AgentDeploymentPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -11769,32 +11671,28 @@ pub struct AgentDeploymentPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct AgentDeploymentPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -11819,12 +11717,10 @@ pub struct AgentDeploymentPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -11874,15 +11770,24 @@ pub struct AgentDeploymentPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -11950,7 +11855,6 @@ pub struct AgentDeploymentPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -12042,7 +11946,6 @@ pub struct AgentDeploymentPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -12076,7 +11979,6 @@ pub struct AgentDeploymentPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -12092,7 +11994,6 @@ pub struct AgentDeploymentPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -12103,7 +12004,6 @@ pub struct AgentDeploymentPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -12212,7 +12112,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -12223,17 +12122,14 @@ pub struct AgentDeploymentPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -12268,11 +12164,24 @@ pub struct AgentDeploymentPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -12331,7 +12240,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -12427,9 +12335,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -12467,9 +12373,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -12499,9 +12403,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -12568,9 +12470,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -12664,7 +12564,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -12675,17 +12574,14 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -12698,7 +12594,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -12708,11 +12603,9 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -12726,7 +12619,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -12736,11 +12628,9 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDeploymentPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -12843,7 +12733,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -12972,7 +12862,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -13029,9 +12918,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -13057,7 +12944,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -13119,9 +13005,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDeploymentPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -13135,6 +13018,39 @@ pub struct AgentDeploymentPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AgentDeploymentPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -13150,7 +13066,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -13190,9 +13105,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -13270,25 +13183,24 @@ pub struct AgentDeploymentPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDeploymentPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -13313,14 +13225,11 @@ pub struct AgentDeploymentPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -13403,9 +13312,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -13504,9 +13411,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -13591,7 +13496,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -13638,9 +13542,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -13693,9 +13595,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -13789,9 +13689,7 @@ pub struct AgentDeploymentPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -13820,9 +13718,6 @@ pub struct AgentDeploymentPodTemplateSpecVolumesVsphereVolume { pub struct AgentDeploymentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 
@@ -13832,9 +13727,6 @@ pub struct AgentDeploymentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentDeploymentStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -14005,7 +13897,6 @@ pub struct AgentHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -14072,7 +13963,6 @@ pub struct AgentHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are 
@@ -14185,17 +14075,14 @@ pub struct AgentHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -14260,7 +14147,6 @@ pub struct AgentHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -14274,7 +14160,6 @@ pub struct AgentHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -14528,9 +14413,11 @@ pub struct AgentStatefulSetPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -14541,11 +14428,9 @@ pub struct AgentStatefulSetPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -14560,6 +14445,7 @@ pub struct AgentStatefulSetPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -14612,11 +14498,9 @@ pub struct AgentStatefulSetPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -14641,7 +14525,6 @@ pub struct AgentStatefulSetPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -14905,7 +14788,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAffinityPreferredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -14916,7 +14799,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAffinityPreferredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -15026,7 +14909,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAffinityRequiredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -15037,7 +14920,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAffinityRequiredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -15178,7 +15061,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAntiAffinityPreferredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -15189,7 +15072,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAntiAffinityPreferredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -15299,7 +15182,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAntiAffinityRequiredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -15310,7 +15193,7 @@ pub struct AgentStatefulSetPodTemplateSpecAffinityPodAntiAffinityRequiredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -15616,9 +15499,7 @@ pub struct AgentStatefulSetPodTemplateSpecContainersEnvValueFromConfigMapKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -15661,9 +15542,7 @@ pub struct AgentStatefulSetPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -15692,9 +15571,7 @@ pub struct AgentStatefulSetPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -15709,9 +15586,7 @@ pub struct AgentStatefulSetPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -15996,7 +15871,6 @@ pub struct AgentStatefulSetPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -16147,7 +16021,6 @@ pub struct AgentStatefulSetPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -16219,11 +16092,9 @@ pub struct AgentStatefulSetPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -16246,6 +16117,11 @@ pub struct AgentStatefulSetPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -16279,7 +16155,7 @@ pub struct AgentStatefulSetPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -16402,7 +16278,6 @@ pub struct AgentStatefulSetPodTemplateSpecContainersSecurityContextSeccompProfil /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -16514,7 +16389,6 @@ pub struct AgentStatefulSetPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -16599,10 +16473,8 @@ pub struct AgentStatefulSetPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -16610,11 +16482,9 @@ pub struct AgentStatefulSetPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -16669,7 +16539,6 @@ pub struct AgentStatefulSetPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -16770,7 +16639,6 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -16861,9 +16729,7 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersEnvValueFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -16906,9 +16772,7 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersEnvValueFromSecretK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -16937,9 +16801,7 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersEnvFromConfigMapRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -16954,9 +16816,7 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -17237,7 +17097,6 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -17385,7 +17244,6 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersReadinessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -17456,11 +17314,9 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -17483,6 +17339,11 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -17515,7 +17376,7 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -17638,7 +17499,6 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersSecurityContextSecc /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -17744,7 +17604,6 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -17829,10 +17688,8 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -17840,11 +17697,9 @@ pub struct AgentStatefulSetPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -17879,9 +17734,7 @@ pub struct AgentStatefulSetPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -18102,9 +17955,7 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersEnvValueFromConfigMapKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -18147,9 +17998,7 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersEnvValueFromSecretKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -18178,9 +18027,7 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -18195,9 +18042,7 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -18482,7 +18327,6 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -18633,7 +18477,6 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -18705,11 +18548,9 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -18732,6 +18573,11 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -18765,7 +18611,7 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -18888,7 +18734,6 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersSecurityContextSeccompPr /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -19000,7 +18845,6 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -19085,10 +18929,8 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -19096,11 +18938,9 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -19119,11 +18959,9 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -19138,6 +18976,7 @@ pub struct AgentStatefulSetPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -19165,7 +19004,10 @@ pub struct AgentStatefulSetPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -19173,32 +19015,28 @@ pub struct AgentStatefulSetPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct AgentStatefulSetPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
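Review bot: Folding `resource_claim_name` and `resource_claim_template_name` directly into `AgentStatefulSetPodTemplateSpecResourceClaims` removes the public `source` field and the `AgentStatefulSetPodTemplateSpecResourceClaimsSource` struct, so any caller that builds or reads `source` stops compiling; that deserves a line in the release notes as a breaking change. The new doc text says exactly one of the two names must be set, but both fields are optional and the struct derives `Default`, so a value with neither or both set can still be constructed and serialized. A comment on the struct such as `/// Note: the exactly-one-of rule is not enforced by this type; check it before submitting the object.` would make that explicit. The struct's header sits outside this hunk, and if the file is generated from the CRD the wording would have to be added on the generator side.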
@@ -19223,12 +19061,10 @@ pub struct AgentStatefulSetPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -19278,15 +19114,24 @@ pub struct AgentStatefulSetPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -19354,7 +19199,6 @@ pub struct AgentStatefulSetPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -19446,7 +19290,6 @@ pub struct AgentStatefulSetPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -19480,7 +19323,6 @@ pub struct AgentStatefulSetPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
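Review bot: In the hunk that adds `supplemental_groups_policy`, the rewritten comment on `supplemental_groups` no longer says outright that group memberships from the container image stay in effect by default. A reader has to combine "depending on the supplementalGroupsPolicy field" with the "If not specified, "Merge" is used" sentence on the new field to work that out. Because this default decides which groups the first process actually runs with, I would add one line to the `supplemental_groups` comment, for example `/// With the default policy ("Merge"), group memberships defined in the container image still apply.`. The enclosing struct `AgentStatefulSetPodTemplateSpecSecurityContext` starts and ends outside this hunk; if the text is copied from the upstream CRD description, the addition needs to survive regeneration.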
@@ -19496,7 +19338,6 @@ pub struct AgentStatefulSetPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -19507,7 +19348,6 @@ pub struct AgentStatefulSetPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -19616,7 +19456,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -19627,17 +19466,14 @@ pub struct AgentStatefulSetPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -19672,11 +19508,24 @@ pub struct AgentStatefulSetPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -19735,7 +19584,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -19831,9 +19679,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
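Review bot: The comment on the new `image` field states that the volume is re-resolved whenever the pod is deleted and recreated, but it does not spell out the consequence for a reference given by tag: the mounted content can change between pod recreations with no change to the spec. One added line would cover it, for example `/// Reference the artifact by digest when the mounted content must not change between pod recreations.`. The same comment also has a stray capital in "Container creation will fail If the pull fails". The enclosing struct `AgentStatefulSetPodTemplateSpecVolumes` starts and ends outside this hunk.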
@@ -19871,9 +19717,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -19903,9 +19747,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -19972,9 +19814,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -20068,7 +19908,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -20079,17 +19918,14 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -20102,7 +19938,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -20112,11 +19947,9 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -20130,7 +19963,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -20140,11 +19972,9 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentStatefulSetPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -20247,7 +20077,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpe /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -20376,7 +20206,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -20433,9 +20262,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -20461,7 +20288,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -20523,9 +20349,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentStatefulSetPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -20539,6 +20362,39 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AgentStatefulSetPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
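Review bot: The doc comment on `reference` in the new `AgentStatefulSetPodTemplateSpecVolumesImage` contradicts itself: it opens with "Required:" and closes with "This field is optional ...". The field is an `Option` with `skip_serializing_if = "Option::is_none"`, so nothing in this type rejects an image volume that carries no reference. If this binding is generated from the CRD schema (it looks that way, but the page does not say), the wording has to be corrected in the upstream description; otherwise I would open the comment with `/// Image or artifact reference to be used. Optional in this type; callers must check it is set before submitting.` It would also help to add `/// Prefer a digest-pinned reference: a tag is re-resolved on pod recreation and may yield different content.`, since the struct comment already says new remote content becomes available when the pod is recreated.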
@@ -20554,7 +20410,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -20594,9 +20449,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -20674,25 +20527,24 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentStatefulSetPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -20717,14 +20569,11 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -20807,9 +20656,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -20908,9 +20755,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -20995,7 +20840,6 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -21042,9 +20886,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -21097,9 +20939,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -21193,9 +21033,7 @@ pub struct AgentStatefulSetPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -21334,7 +21172,7 @@ pub struct AgentStatefulSetVolumeClaimTemplatesSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -21474,7 +21312,6 @@ pub struct AgentStatefulSetVolumeClaimTemplatesStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -21496,13 +21333,11 @@ pub struct AgentStatefulSetVolumeClaimTemplatesStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -21514,7 +21349,6 @@ pub struct AgentStatefulSetVolumeClaimTemplatesStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. 
@@ -21523,13 +21357,11 @@ pub struct AgentStatefulSetVolumeClaimTemplatesStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -21542,12 +21374,12 @@ pub struct AgentStatefulSetVolumeClaimTemplatesStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. 
@@ -21557,7 +21389,7 @@ pub struct AgentStatefulSetVolumeClaimTemplatesStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentStatefulSetVolumeClaimTemplatesStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: diff --git a/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1/apmservers.rs b/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1/apmservers.rs index c1a927bfc..fb2a547e7 100644 --- a/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1/apmservers.rs +++ b/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1/apmservers.rs @@ -169,7 +169,6 @@ pub struct ApmServerHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -236,7 +235,6 @@ pub struct ApmServerHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are 
@@ -349,17 +347,14 @@ pub struct ApmServerHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -424,7 +419,6 @@ pub struct ApmServerHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -438,7 +432,6 @@ pub struct ApmServerHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -623,9 +616,11 @@ pub struct ApmServerPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -636,11 +631,9 @@ pub struct ApmServerPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -655,6 +648,7 @@ pub struct ApmServerPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -707,11 +701,9 @@ pub struct ApmServerPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -736,7 +728,6 @@ pub struct ApmServerPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -1000,7 +991,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1011,7 +1002,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1121,7 +1112,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1132,7 +1123,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1273,7 +1264,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1284,7 +1275,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1394,7 +1385,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1405,7 +1396,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1711,9 +1702,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1756,9 +1745,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1787,9 +1774,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1804,9 +1789,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2091,7 +2074,6 @@ pub struct ApmServerPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2242,7 +2224,6 @@ pub struct ApmServerPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2314,11 +2295,9 @@ pub struct ApmServerPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2341,6 +2320,11 @@ pub struct ApmServerPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2374,7 +2358,7 @@ pub struct ApmServerPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2497,7 +2481,6 @@ pub struct ApmServerPodTemplateSpecContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2609,7 +2592,6 @@ pub struct ApmServerPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2694,10 +2676,8 @@ pub struct ApmServerPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2705,11 +2685,9 @@ pub struct ApmServerPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2764,7 +2742,6 @@ pub struct ApmServerPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2865,7 +2842,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2956,9 +2932,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvValueFromConfigMapKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3001,9 +2975,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -3032,9 +3004,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3049,9 +3019,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3332,7 +3300,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3480,7 +3447,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3551,11 +3517,9 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3578,6 +3542,11 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3610,7 +3579,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3733,7 +3702,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersSecurityContextSeccompProf /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3839,7 +3807,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3924,10 +3891,8 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3935,11 +3900,9 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3974,9 +3937,7 @@ pub struct ApmServerPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4197,9 +4158,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4242,9 +4201,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4273,9 +4230,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4290,9 +4245,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4577,7 +4530,6 @@ pub struct ApmServerPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4728,7 +4680,6 @@ pub struct ApmServerPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4800,11 +4751,9 @@ pub struct ApmServerPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4827,6 +4776,11 @@ pub struct ApmServerPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4860,7 +4814,7 @@ pub struct ApmServerPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4983,7 +4937,6 @@ pub struct ApmServerPodTemplateSpecInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5095,7 +5048,6 @@ pub struct ApmServerPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5180,10 +5132,8 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5191,11 +5141,9 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5214,11 +5162,9 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5233,6 +5179,7 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -5260,7 +5207,10 @@ pub struct ApmServerPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5268,32 +5218,28 @@ pub struct ApmServerPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ApmServerPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
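Review bot: In the flattened `ApmServerPodTemplateSpecResourceClaims`, the rule that exactly one of `resource_claim_name` and `resource_claim_template_name` is set exists only in the doc comments. Both fields are `Option` with `serde(default)`, so a value with neither or both set deserializes without error. The hunk also removes the `source` field and the `ApmServerPodTemplateSpecResourceClaimsSource` struct. Unless unknown fields are rejected somewhere outside this hunk, an object still written with a nested `source:` would load with both names empty instead of failing. These structs look generated, so the check probably belongs in the consuming code; at minimum I would add `/// Not validated here: callers must check that exactly one of the two names is set.` above `resource_claim_name`.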
@@ -5318,12 +5264,10 @@ pub struct ApmServerPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5373,15 +5317,24 @@ pub struct ApmServerPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5449,7 +5402,6 @@ pub struct ApmServerPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5541,7 +5493,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5575,7 +5526,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
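Review bot: The new `supplemental_groups_policy` field on `ApmServerPodTemplateSpecSecurityContext` is optional, and its doc says an unset value means "Merge". A pod spec that lists `supplemental_groups` and leaves the policy unset may therefore still pick up group memberships defined in the container image, which matters to anyone treating `supplemental_groups` as the complete set of GIDs. The same doc marks the field as alpha and dependent on the SupplementalGroupsPolicy feature gate and runtime support, so callers should not assume "Strict" takes effect on every cluster. I would spell out the consequence in the field doc, e.g. `/// Unset behaves as "Merge": image-defined group memberships still apply.`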
@@ -5591,7 +5541,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5602,7 +5551,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5711,7 +5659,6 @@ pub struct ApmServerPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5722,17 +5669,14 @@ pub struct ApmServerPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5767,11 +5711,24 @@ pub struct ApmServerPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5830,7 +5787,6 @@ pub struct ApmServerPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5926,9 +5882,7 @@ pub struct ApmServerPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
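Review bot: The doc for the new `image` volume field on `ApmServerPodTemplateSpecVolumes` says the volume is re-resolved whenever the pod is recreated and that new remote content then becomes available, so the mounted files can change without any change to the spec. With `Never` or `IfNotPresent` the kubelet uses whatever artifact is already on the node's disk. Neither point is called out as a trust consideration, and the reference field itself is outside this hunk. I would add a line such as `/// Pin the reference by digest if the mounted content must stay fixed across pod recreations.` to the field doc, or to the crate's own notes if these docs are generated from the CRD.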
@@ -5966,9 +5920,7 @@ pub struct ApmServerPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5998,9 +5950,7 @@ pub struct ApmServerPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6067,9 +6017,7 @@ pub struct ApmServerPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6163,7 +6111,6 @@ pub struct ApmServerPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6174,17 +6121,14 @@ pub struct ApmServerPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6197,7 +6141,6 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6207,11 +6150,9 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6225,7 +6166,6 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6235,11 +6175,9 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApmServerPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6342,7 +6280,7 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6471,7 +6409,6 @@ pub struct ApmServerPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6528,9 +6465,7 @@ pub struct ApmServerPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6556,7 +6491,6 @@ pub struct ApmServerPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6618,9 +6552,6 @@ pub struct ApmServerPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApmServerPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6634,6 +6565,39 @@ pub struct ApmServerPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ApmServerPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -6649,7 +6613,6 @@ pub struct ApmServerPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6689,9 +6652,7 @@ pub struct ApmServerPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6769,25 +6730,24 @@ pub struct ApmServerPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApmServerPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6812,14 +6772,11 @@ pub struct ApmServerPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6902,9 +6859,7 @@ pub struct ApmServerPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -7003,9 +6958,7 @@ pub struct ApmServerPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7090,7 +7043,6 @@ pub struct ApmServerPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7137,9 +7089,7 @@ pub struct ApmServerPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7192,9 +7142,7 @@ pub struct ApmServerPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7288,9 +7236,7 @@ pub struct ApmServerPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1beta1/apmservers.rs b/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1beta1/apmservers.rs index 87ea078b1..51381d8ff 100644 --- a/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1beta1/apmservers.rs +++ b/kube-custom-resources-rs/src/apm_k8s_elastic_co/v1beta1/apmservers.rs @@ -143,7 +143,6 @@ pub struct ApmServerHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. 
@@ -210,7 +209,6 @@ pub struct ApmServerHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -323,17 +321,14 @@ pub struct ApmServerHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -398,7 +393,6 @@ pub struct ApmServerHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -412,7 +406,6 @@ pub struct ApmServerHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -570,9 +563,11 @@ pub struct ApmServerPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -583,11 +578,9 @@ pub struct ApmServerPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -602,6 +595,7 @@ pub struct ApmServerPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -654,11 +648,9 @@ pub struct ApmServerPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -683,7 +675,6 @@ pub struct ApmServerPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -947,7 +938,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -958,7 +949,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1068,7 +1059,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1079,7 +1070,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIg /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1220,7 +1211,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1231,7 +1222,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1341,7 +1332,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1352,7 +1343,7 @@ pub struct ApmServerPodTemplateSpecAffinityPodAntiAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1658,9 +1649,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1703,9 +1692,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1734,9 +1721,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1751,9 +1736,7 @@ pub struct ApmServerPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2038,7 +2021,6 @@ pub struct ApmServerPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2189,7 +2171,6 @@ pub struct ApmServerPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2261,11 +2242,9 @@ pub struct ApmServerPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2288,6 +2267,11 @@ pub struct ApmServerPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2321,7 +2305,7 @@ pub struct ApmServerPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2444,7 +2428,6 @@ pub struct ApmServerPodTemplateSpecContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2556,7 +2539,6 @@ pub struct ApmServerPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2641,10 +2623,8 @@ pub struct ApmServerPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2652,11 +2632,9 @@ pub struct ApmServerPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2711,7 +2689,6 @@ pub struct ApmServerPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2812,7 +2789,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2903,9 +2879,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvValueFromConfigMapKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2948,9 +2922,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -2979,9 +2951,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2996,9 +2966,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3279,7 +3247,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3427,7 +3394,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3498,11 +3464,9 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3525,6 +3489,11 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3557,7 +3526,7 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3680,7 +3649,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersSecurityContextSeccompProf /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3786,7 +3754,6 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3871,10 +3838,8 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3882,11 +3847,9 @@ pub struct ApmServerPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3921,9 +3884,7 @@ pub struct ApmServerPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4144,9 +4105,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4189,9 +4148,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4220,9 +4177,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4237,9 +4192,7 @@ pub struct ApmServerPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4524,7 +4477,6 @@ pub struct ApmServerPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4675,7 +4627,6 @@ pub struct ApmServerPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4747,11 +4698,9 @@ pub struct ApmServerPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4774,6 +4723,11 @@ pub struct ApmServerPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4807,7 +4761,7 @@ pub struct ApmServerPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4930,7 +4884,6 @@ pub struct ApmServerPodTemplateSpecInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5042,7 +4995,6 @@ pub struct ApmServerPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5127,10 +5079,8 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5138,11 +5088,9 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5161,11 +5109,9 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5180,6 +5126,7 @@ pub struct ApmServerPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -5207,7 +5154,10 @@ pub struct ApmServerPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5215,32 +5165,28 @@ pub struct ApmServerPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ApmServerPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
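Review bot: The new doc lines on `resource_claim_name` and `resource_claim_template_name` say that exactly one of the two must be set, but both fields stay optional with `#[serde(default)]`, so a value with neither or both set still round-trips through this type without an error. Since the struct cannot express the rule, I would state that in its doc comment, for example `/// Note: this type does not check the exactly-one rule; validate before submitting.` Removing `source` and the `ApmServerPodTemplateSpecResourceClaimsSource` struct also changes the public shape, so callers that built the nested value need updating. The struct's header and derive line sit above the hunk.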
@@ -5265,12 +5211,10 @@ pub struct ApmServerPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5320,15 +5264,24 @@ pub struct ApmServerPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5396,7 +5349,6 @@ pub struct ApmServerPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5488,7 +5440,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5522,7 +5473,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
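Review bot: The doc comment added for `supplemental_groups_policy` names the valid values "Merge" and "Strict" without saying what either does, although leaving the field unset selects "Merge", under which group memberships defined in the container image can still apply. A reader who sets only `supplemental_groups` may assume that list bounds the process's groups, while the reworded comment above it says the outcome depends on this policy. I would add `/// "Merge" keeps group memberships from the container image; "Strict" uses only the groups given in the pod spec.` to the field's comment. The hunk sits inside `ApmServerPodTemplateSpecSecurityContext`, which starts and ends outside it.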
@@ -5538,7 +5488,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5549,7 +5498,6 @@ pub struct ApmServerPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5658,7 +5606,6 @@ pub struct ApmServerPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5669,17 +5616,14 @@ pub struct ApmServerPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5714,11 +5658,24 @@ pub struct ApmServerPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5777,7 +5734,6 @@ pub struct ApmServerPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5873,9 +5829,7 @@ pub struct ApmServerPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
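Review bot: The comment on the new `image` volume says the reference is re-resolved when the pod is recreated, so new remote content becomes available, but it does not say how to keep the mounted content fixed. With a tag reference, what gets mounted can therefore change between pod recreations without any change to the spec. I would add `/// Use a digest reference when the mounted content must not change across pod recreation.` to the field's comment. The hunk is inside `ApmServerPodTemplateSpecVolumes`, which starts and ends outside it.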
@@ -5913,9 +5867,7 @@ pub struct ApmServerPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5945,9 +5897,7 @@ pub struct ApmServerPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6014,9 +5964,7 @@ pub struct ApmServerPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6110,7 +6058,6 @@ pub struct ApmServerPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6121,17 +6068,14 @@ pub struct ApmServerPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6144,7 +6088,6 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6154,11 +6097,9 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6172,7 +6113,6 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6182,11 +6122,9 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApmServerPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6289,7 +6227,7 @@ pub struct ApmServerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6418,7 +6356,6 @@ pub struct ApmServerPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6475,9 +6412,7 @@ pub struct ApmServerPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6503,7 +6438,6 @@ pub struct ApmServerPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6565,9 +6499,6 @@ pub struct ApmServerPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApmServerPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6581,6 +6512,39 @@ pub struct ApmServerPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ApmServerPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
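Review bot: The doc comment on `reference` in `ApmServerPodTemplateSpecVolumesImage` opens with "Required:" and then says the field is optional, and it does not tell a caller that a tag-based reference can resolve to different content each time the pod is recreated, although the struct comment says the volume is re-resolved on recreation. Because `pull_policy` defaults to Always for a `:latest` tag and to IfNotPresent otherwise, a mutable tag means the mounted files are whatever the registry or the node's local store holds at pod startup. I would add one line to the field doc, such as `/// Prefer a digest-pinned reference; a tag is re-resolved on pod recreation and may yield different content.` This file looks generated from the CRD, so the wording probably belongs in the upstream description or in the code that fills in this struct.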
@@ -6596,7 +6560,6 @@ pub struct ApmServerPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6636,9 +6599,7 @@ pub struct ApmServerPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6716,25 +6677,24 @@ pub struct ApmServerPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApmServerPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6759,14 +6719,11 @@ pub struct ApmServerPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6849,9 +6806,7 @@ pub struct ApmServerPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6950,9 +6905,7 @@ pub struct ApmServerPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7037,7 +6990,6 @@ pub struct ApmServerPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7084,9 +7036,7 @@ pub struct ApmServerPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7139,9 +7089,7 @@ pub struct ApmServerPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7235,9 +7183,7 @@ pub struct ApmServerPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs index 4ae17d0e9..a480731bd 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs 
@@ -11636,6 +11636,9 @@ pub struct ComponentDefinitionVarsValueFromComponentVarRef { /// Reference to the replicas of the component. #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, + /// Reference to the short name of the Component object. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "shortName")] + pub short_name: Option, } /// Selects a defined var of a Component. @@ -11754,6 +11757,13 @@ pub enum ComponentDefinitionVarsValueFromComponentVarRefReplicas { Optional, } +/// Selects a defined var of a Component. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromComponentVarRefShortName { + Required, + Optional, +} + /// Selects a key of a ConfigMap. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionVarsValueFromConfigMapKeyRef { diff --git a/kube-custom-resources-rs/src/beat_k8s_elastic_co/v1beta1/beats.rs b/kube-custom-resources-rs/src/beat_k8s_elastic_co/v1beta1/beats.rs index 057a806bc..d45973913 100644 --- a/kube-custom-resources-rs/src/beat_k8s_elastic_co/v1beta1/beats.rs +++ b/kube-custom-resources-rs/src/beat_k8s_elastic_co/v1beta1/beats.rs 
@@ -219,9 +219,11 @@ pub struct BeatDaemonSetPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -232,11 +234,9 @@ pub struct BeatDaemonSetPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -251,6 +251,7 @@ pub struct BeatDaemonSetPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -303,11 +304,9 @@ pub struct BeatDaemonSetPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -332,7 +331,6 @@ pub struct BeatDaemonSetPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -596,7 +594,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -607,7 +605,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -717,7 +715,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -728,7 +726,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -869,7 +867,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -880,7 +878,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -990,7 +988,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1001,7 +999,7 @@ pub struct BeatDaemonSetPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1307,9 +1305,7 @@ pub struct BeatDaemonSetPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1352,9 +1348,7 @@ pub struct BeatDaemonSetPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1383,9 +1377,7 @@ pub struct BeatDaemonSetPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1400,9 +1392,7 @@ pub struct BeatDaemonSetPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1687,7 +1677,6 @@ pub struct BeatDaemonSetPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1838,7 +1827,6 @@ pub struct BeatDaemonSetPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1910,11 +1898,9 @@ pub struct BeatDaemonSetPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -1937,6 +1923,11 @@ pub struct BeatDaemonSetPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -1970,7 +1961,7 @@ pub struct BeatDaemonSetPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2093,7 +2084,6 @@ pub struct BeatDaemonSetPodTemplateSpecContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2205,7 +2195,6 @@ pub struct BeatDaemonSetPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2290,10 +2279,8 @@ pub struct BeatDaemonSetPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2301,11 +2288,9 @@ pub struct BeatDaemonSetPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2360,7 +2345,6 @@ pub struct BeatDaemonSetPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2461,7 +2445,6 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2552,9 +2535,7 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersEnvValueFromConfigMapK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2597,9 +2578,7 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersEnvValueFromSecretKeyR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -2628,9 +2607,7 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2645,9 +2622,7 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2928,7 +2903,6 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3076,7 +3050,6 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3147,11 +3120,9 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3174,6 +3145,11 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3206,7 +3182,7 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3329,7 +3305,6 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersSecurityContextSeccomp /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3435,7 +3410,6 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3520,10 +3494,8 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3531,11 +3503,9 @@ pub struct BeatDaemonSetPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3570,9 +3540,7 @@ pub struct BeatDaemonSetPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3793,9 +3761,7 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -3838,9 +3804,7 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3869,9 +3833,7 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -3886,9 +3848,7 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4173,7 +4133,6 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4324,7 +4283,6 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4396,11 +4354,9 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4423,6 +4379,11 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4456,7 +4417,7 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4579,7 +4540,6 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersSecurityContextSeccompProfi /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4691,7 +4651,6 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -4776,10 +4735,8 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4787,11 +4744,9 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4810,11 +4765,9 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -4829,6 +4782,7 @@ pub struct BeatDaemonSetPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -4856,7 +4810,10 @@ pub struct BeatDaemonSetPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -4864,32 +4821,28 @@ pub struct BeatDaemonSetPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct BeatDaemonSetPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -4914,12 +4867,10 @@ pub struct BeatDaemonSetPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -4969,15 +4920,24 @@ pub struct BeatDaemonSetPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5045,7 +5005,6 @@ pub struct BeatDaemonSetPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5137,7 +5096,6 @@ pub struct BeatDaemonSetPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5171,7 +5129,6 @@ pub struct BeatDaemonSetPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -5187,7 +5144,6 @@ pub struct BeatDaemonSetPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5198,7 +5154,6 @@ pub struct BeatDaemonSetPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5307,7 +5262,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5318,17 +5272,14 @@ pub struct BeatDaemonSetPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5363,11 +5314,24 @@ pub struct BeatDaemonSetPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5426,7 +5390,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5522,9 +5485,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5562,9 +5523,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5594,9 +5553,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -5663,9 +5620,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5759,7 +5714,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5770,17 +5724,14 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5793,7 +5744,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5803,11 +5753,9 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -5821,7 +5769,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5831,11 +5778,9 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDaemonSetPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -5938,7 +5883,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6067,7 +6012,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6124,9 +6068,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6152,7 +6094,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6214,9 +6155,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDaemonSetPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6230,6 +6168,39 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BeatDaemonSetPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
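Review bot: The doc comment on `reference` in `BeatDaemonSetPodTemplateSpecVolumesImage` opens with "Required:" and closes with "This field is optional", and the field is an `Option` that is skipped when `None`, so a volume with no reference serializes without any error on this side. The struct comment also says the volume is re-resolved on pod recreation and that new remote content then becomes available, so a tag-based reference can change what gets mounted between restarts. I would keep only one of the two contradictory statements and add a line such as `/// Prefer a digest-pinned reference (name@sha256:<digest>) so the mounted content cannot change between pod restarts.` The same volume description is duplicated on the `image` field in the hunk at -5363, and "Container creation will fail If the pull fails" has a stray capital in every copy.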
@@ -6245,7 +6216,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6285,9 +6255,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6365,25 +6333,24 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDaemonSetPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6408,14 +6375,11 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6498,9 +6462,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6599,9 +6561,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6686,7 +6646,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -6733,9 +6692,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6788,9 +6745,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6884,9 +6839,7 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6914,10 +6867,6 @@ pub struct BeatDaemonSetPodTemplateSpecVolumesVsphereVolume { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDaemonSetUpdateStrategy { /// Rolling update config params. Present only if type = "RollingUpdate". - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. Same as Deployment `strategy.rollingUpdate`. - /// See https://github.com/kubernetes/kubernetes/issues/35345 #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. 
@@ -6926,10 +6875,6 @@ pub struct BeatDaemonSetUpdateStrategy { } /// Rolling update config params. Present only if type = "RollingUpdate". -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. Same as Deployment `strategy.rollingUpdate`. -/// See https://github.com/kubernetes/kubernetes/issues/35345 #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDaemonSetUpdateStrategyRollingUpdate { /// The maximum number of nodes with an existing available DaemonSet pod that @@ -7109,9 +7054,11 @@ pub struct BeatDeploymentPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. 
@@ -7122,11 +7069,9 @@ pub struct BeatDeploymentPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -7141,6 +7086,7 @@ pub struct BeatDeploymentPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -7193,11 +7139,9 @@ pub struct BeatDeploymentPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -7222,7 +7166,6 @@ pub struct BeatDeploymentPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, 
@@ -7486,7 +7429,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAffinityPreferredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7497,7 +7440,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAffinityPreferredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -7607,7 +7550,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAffinityRequiredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7618,7 +7561,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAffinityRequiredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -7759,7 +7702,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7770,7 +7713,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -7880,7 +7823,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7891,7 +7834,7 @@ pub struct BeatDeploymentPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -8197,9 +8140,7 @@ pub struct BeatDeploymentPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -8242,9 +8183,7 @@ pub struct BeatDeploymentPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -8273,9 +8212,7 @@ pub struct BeatDeploymentPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -8290,9 +8227,7 @@ pub struct BeatDeploymentPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -8577,7 +8512,6 @@ pub struct BeatDeploymentPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -8728,7 +8662,6 @@ pub struct BeatDeploymentPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8800,11 +8733,9 @@ pub struct BeatDeploymentPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -8827,6 +8758,11 @@ pub struct BeatDeploymentPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -8860,7 +8796,7 @@ pub struct BeatDeploymentPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. 
@@ -8983,7 +8919,6 @@ pub struct BeatDeploymentPodTemplateSpecContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -9095,7 +9030,6 @@ pub struct BeatDeploymentPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9180,10 +9114,8 @@ pub struct BeatDeploymentPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -9191,11 +9123,9 @@ pub struct BeatDeploymentPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, 
@@ -9250,7 +9180,6 @@ pub struct BeatDeploymentPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -9351,7 +9280,6 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -9442,9 +9370,7 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersEnvValueFromConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -9487,9 +9413,7 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersEnvValueFromSecretKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9518,9 +9442,7 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -9535,9 +9457,7 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -9818,7 +9738,6 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9966,7 +9885,6 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -10037,11 +9955,9 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -10064,6 +9980,11 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. @@ -10096,7 +10017,7 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -10219,7 +10140,6 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersSecurityContextSeccom /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -10325,7 +10245,6 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -10410,10 +10329,8 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -10421,11 +10338,9 @@ pub struct BeatDeploymentPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -10460,9 +10375,7 @@ pub struct BeatDeploymentPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -10683,9 +10596,7 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -10728,9 +10639,7 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -10759,9 +10668,7 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -10776,9 +10683,7 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -11063,7 +10968,6 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -11214,7 +11118,6 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -11286,11 +11189,9 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -11313,6 +11214,11 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. 
@@ -11346,7 +11252,7 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -11469,7 +11375,6 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersSecurityContextSeccompProf /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -11581,7 +11486,6 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -11666,10 +11570,8 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -11677,11 +11579,9 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -11700,11 +11600,9 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -11719,6 +11617,7 @@ pub struct BeatDeploymentPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -11746,7 +11645,10 @@ pub struct BeatDeploymentPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -11754,32 +11656,28 @@ pub struct BeatDeploymentPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct BeatDeploymentPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -11804,12 +11702,10 @@ pub struct BeatDeploymentPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -11859,15 +11755,24 @@ pub struct BeatDeploymentPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -11935,7 +11840,6 @@ pub struct BeatDeploymentPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -12027,7 +11931,6 @@ pub struct BeatDeploymentPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -12061,7 +11964,6 @@ pub struct BeatDeploymentPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -12077,7 +11979,6 @@ pub struct BeatDeploymentPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -12088,7 +11989,6 @@ pub struct BeatDeploymentPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -12197,7 +12097,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -12208,17 +12107,14 @@ pub struct BeatDeploymentPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -12253,11 +12149,24 @@ pub struct BeatDeploymentPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -12316,7 +12225,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -12412,9 +12320,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -12452,9 +12358,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -12484,9 +12388,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -12553,9 +12455,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -12649,7 +12549,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -12660,17 +12559,14 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -12683,7 +12579,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -12693,11 +12588,9 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -12711,7 +12604,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -12721,11 +12613,9 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDeploymentPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -12828,7 +12718,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -12957,7 +12847,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -13014,9 +12903,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -13042,7 +12929,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -13104,9 +12990,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDeploymentPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -13120,6 +13003,39 @@ pub struct BeatDeploymentPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BeatDeploymentPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
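Review bot: The doc comment on `reference` in `BeatDeploymentPodTemplateSpecVolumesImage` opens with "Required:" and a few lines later says "This field is optional", while the field itself is an `Option` with `serde(default)`. A reader cannot tell whether a volume without a reference is valid. I would drop the "Required:" prefix and keep the explanation, e.g. `/// Image or artifact reference to be used; optional in the schema so that higher-level config management can default or override it.` The `pull_policy` comment says the default depends on the `:latest` tag, so it would also help to note that a mutable tag with IfNotPresent can leave different nodes mounting different content, and that a digest reference avoids this. The wording looks inherited from the upstream schema, so the fix may belong there.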
@@ -13135,7 +13051,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -13175,9 +13090,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -13255,25 +13168,24 @@ pub struct BeatDeploymentPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDeploymentPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -13298,14 +13210,11 @@ pub struct BeatDeploymentPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -13388,9 +13297,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -13489,9 +13396,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -13576,7 +13481,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -13623,9 +13527,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -13678,9 +13580,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -13774,9 +13674,7 @@ pub struct BeatDeploymentPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -13805,9 +13703,6 @@ pub struct BeatDeploymentPodTemplateSpecVolumesVsphereVolume { pub struct BeatDeploymentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 
@@ -13817,9 +13712,6 @@ pub struct BeatDeploymentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BeatDeploymentStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs index 758f0ccad..7edb7bcd6 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephnfses.rs @@ -551,7 +551,8 @@ pub struct CephNFSSecuritySssd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CephNFSSecuritySssdSidecar { /// AdditionalFiles defines any number of additional files that should be mounted into the SSSD - /// sidecar. These files may be referenced by the sssd.conf config file. + /// sidecar with a directory root of `/etc/sssd/rook-additional/`. + /// These files may be referenced by the sssd.conf config file. #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalFiles")] pub additional_files: Option>, /// DebugLevel sets the debug level for SSSD. If unset or set to 0, Rook does nothing. Otherwise, 
@@ -573,12 +574,14 @@ pub struct CephNFSSecuritySssdSidecar { pub sssd_config_file: Option, } -/// SSSDSidecarAdditionalFile represents the source from where additional files for the the SSSD -/// configuration should come from and are made available. +/// AdditionalVolumeMount represents the source from where additional files in pod containers +/// should come from and what subdirectory they are made available in. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CephNFSSecuritySssdSidecarAdditionalFiles { - /// SubPath defines the sub-path in `/etc/sssd/rook-additional/` where the additional file(s) - /// will be placed. Each subPath definition must be unique and must not contain ':'. + /// SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will + /// be mounted. All files/keys in the volume source's volume will be mounted to the subdirectory. + /// This is not the same as the Kubernetes `subPath` volume mount option. + /// Each subPath definition must be unique and must not contain ':'. #[serde(rename = "subPath")] pub sub_path: String, #[serde(rename = "volumeSource")] diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs index d95e88d5b..3c6ae8dbc 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs 
@@ -284,6 +284,12 @@ pub struct CephObjectStoreDataPoolStatusCheckMirror { /// The rgw pod info #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CephObjectStoreGateway { + /// AdditionalVolumeMounts allows additional volumes to be mounted to the RGW pod. + /// The root directory for each additional volume mount is `/var/rgw`. + /// Example: for an additional mount at subPath `ldap`, mounted from a secret that has key + /// `bindpass.secret`, the file would reside at `/var/rgw/ldap/bindpass.secret`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalVolumeMounts")] + pub additional_volume_mounts: Option>, /// The annotations-related configuration to add/set on each Pod related object. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, 
@@ -336,6 +342,229 @@ pub struct CephObjectStoreGateway { pub ssl_certificate_ref: Option, } +/// AdditionalVolumeMount represents the source from where additional files in pod containers +/// should come from and what subdirectory they are made available in. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMounts { + /// SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will + /// be mounted. All files/keys in the volume source's volume will be mounted to the subdirectory. + /// This is not the same as the Kubernetes `subPath` volume mount option. + /// Each subPath definition must be unique and must not contain ':'. + #[serde(rename = "subPath")] + pub sub_path: String, + #[serde(rename = "volumeSource")] + pub volume_source: CephObjectStoreGatewayAdditionalVolumeMountsVolumeSource, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSource { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub projected: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = 
"Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceConfigMapItems { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + pub path: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceHostPath { + pub path: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourcePersistentVolumeClaim { + #[serde(rename = "claimName")] + pub claim_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjected { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sources: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSources { + #[serde(default, skip_serializing_if = 
"Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] + pub service_account_token: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesClusterTrustBundle { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + pub path: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesClusterTrustBundleLabelSelector { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesClusterTrustBundleLabelSelectorMatchExpressions { + pub key: String, + pub operator: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct 
CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesConfigMapItems { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + pub path: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesDownwardApi { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesDownwardApiItems { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + pub path: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesDownwardApiItemsFieldRef { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesDownwardApiItemsResourceFieldRef { + #[serde(default, skip_serializing_if = "Option::is_none", 
rename = "containerName")] + pub container_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + pub resource: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesSecret { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesSecretItems { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + pub path: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceProjectedSourcesServiceAccountToken { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audience: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] + pub expiration_seconds: Option, + pub path: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CephObjectStoreGatewayAdditionalVolumeMountsVolumeSourceSecretItems { + pub key: 
String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + pub path: String, +} + /// EndpointAddress is a tuple that describes a single IP address or host name. This is a subset of /// Kubernetes's v1.EndpointAddress. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs index 538f605be..8448789fc 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs @@ -628,7 +628,8 @@ pub struct ConfigurationCatchWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Clusters holds a registry to clusters to support multi-cluster tests. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs index 7158d762e..a7352937a 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs @@ -627,7 +627,8 @@ pub struct TestCatchWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Clusters holds a registry to clusters to support multi-cluster tests. 
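Review bot: `CephObjectStoreGatewayAdditionalVolumeMountsVolumeSource` and every struct nested under it are added without doc comments, and its `host_path` field lets a CephObjectStore spec mount a directory from the node into the RGW pod under `/var/rgw`. The types do not say whether exactly one source must be set. `sub_path` is a plain `String`, so the uniqueness and no-':' rule in its comment is presumably enforced by the CRD schema or the operator, not by this type. I would at least document the sensitive field, e.g. `/// hostPath mounts a directory from the node's filesystem into the RGW pod; limit who may edit this resource accordingly.` If this file is regenerated from the CRD, the text belongs in the upstream schema description.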
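Review bot: The doc comment on `value` in `ConfigurationCatchWaitForJsonPath` still reads as if an expected value is always present, although the field changes from `String` to an `Option` that is skipped when `None`. The comment should say what the wait does when no value is given, e.g. `/// Optional: when unset, no expected value is compared (confirm against Chainsaw's behaviour).` The change is also source-breaking for callers that build the struct with a plain `String`, which deserves a line in the changelog. The same applies to the `value` fields in the `tests.rs` hunks (`TestCatchWaitForJsonPath`, `TestStepsCatchWaitForJsonPath`, `TestStepsCleanupWaitForJsonPath`, `TestStepsFinallyWaitForJsonPath`, `TestStepsTryWaitForJsonPath`). The struct starts outside this hunk.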
@@ -1267,7 +1268,8 @@ pub struct TestStepsCatchWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. @@ -1813,7 +1815,8 @@ pub struct TestStepsCleanupWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Clusters holds a registry to clusters to support multi-cluster tests. @@ -2378,7 +2381,8 @@ pub struct TestStepsFinallyWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Timeouts for the test step. Overrides the global timeouts set in the Configuration and the timeouts eventually set in the Test. @@ -3452,7 +3456,8 @@ pub struct TestStepsTryWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Use defines a reference to a step template. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs index 089af262a..954015540 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs 
@@ -658,7 +658,8 @@ pub struct ConfigurationErrorCatchWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Execution contains tests execution configuration. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs index 07ef6b37c..59837cf75 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs @@ -654,7 +654,8 @@ pub struct TestErrorCatchWaitForJsonPath { /// Path defines the json path to wait for, e.g. '{.status.phase}'. pub path: String, /// Value defines the expected value to wait for, e.g., "Running". - pub value: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } /// Execution contains tests execution configuration. diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs index d84e1d5a1..ac62f3574 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs 
@@ -407,7 +407,8 @@ pub struct CiliumClusterwideNetworkPolicyEgressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, @@ -1333,7 +1334,8 @@ pub struct CiliumClusterwideNetworkPolicyIngressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, 
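Review bot: The two new `host` examples are fused onto a single `///` line and the patterns are not in code spans. The hunk header counts two added lines, so both examples sit on one of them, and Markdown reads `\.` as an escaped dot, so rustdoc will most likely show both patterns as the same text. That hides the point of the comment: an unescaped `.` matches any character, so a rule written `foo.bar.com` also admits `fooXbar.com`. I would put each example on its own `///` bullet and wrap the patterns in backticks so the backslashes survive rendering. The same wording repeats in the other `*RulesHttp` hunks of this file and of ciliumnetworkpolicies.rs; if these bindings are regenerated from the CRD, the fix belongs in the CRD description.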
@@ -2121,7 +2123,8 @@ pub struct CiliumClusterwideNetworkPolicysEgressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, @@ -3047,7 +3050,8 @@ pub struct CiliumClusterwideNetworkPolicysIngressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs index 85392b133..9db8a2061 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs 
@@ -408,7 +408,8 @@ pub struct CiliumNetworkPolicyEgressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, @@ -1334,7 +1335,8 @@ pub struct CiliumNetworkPolicyIngressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, 
@@ -2122,7 +2124,8 @@ pub struct CiliumNetworkPolicysEgressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, @@ -3048,7 +3051,8 @@ pub struct CiliumNetworkPolicysIngressToPortsRulesHttp { /// Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, - /// Host is an extended POSIX regex matched against the host header of a request, e.g. "foo.com" + /// Host is an extended POSIX regex matched against the host header of a request. Examples: + /// - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo\.bar\.com will only match the host foo.bar.com /// If omitted or empty, the value of the host header is ignored. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, diff --git a/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/clusteroverridepolicies.rs b/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/clusteroverridepolicies.rs index e915f52bf..54f057f66 100644 --- a/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/clusteroverridepolicies.rs +++ b/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/clusteroverridepolicies.rs 
@@ -7,6 +7,7 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; } use self::prelude::*; @@ -44,6 +45,9 @@ pub struct ClusterOverridePolicyOverrideRulesOverriders { /// Command specifies overriders that apply to the container commands. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, + /// Envs specifies overriders that apply to the container envs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub envs: Option>, /// Image specifies the overriders that apply to the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option>, 
@@ -120,6 +124,108 @@ pub enum ClusterOverridePolicyOverrideRulesOverridersCommandOperator { Delete, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvs { + /// ContainerName targets the specified container or init container in the pod template. + #[serde(rename = "containerName")] + pub container_name: String, + /// Operator specifies the operation. If omitted, defaults to "overwrite". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// List of environment variables to set in the container. + pub value: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterOverridePolicyOverrideRulesOverridersEnvsOperator { + #[serde(rename = "addIfAbsent")] + AddIfAbsent, + #[serde(rename = "overwrite")] + Overwrite, + #[serde(rename = "delete")] + Delete, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvsValue { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvsValueValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvsValueValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvsValueValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvsValueValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterOverridePolicyOverrideRulesOverridersEnvsValueValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. 
+ pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverrideRulesOverridersImage { /// ContainerNames are ignored when ImagePath is set. If empty, the image override rule applies to all containers. Otherwise, this override targets the specified container(s) or init container(s) in the pod template. diff --git a/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/overridepolicies.rs b/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/overridepolicies.rs index 1402662ee..9ead96076 100644 --- a/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/overridepolicies.rs +++ b/kube-custom-resources-rs/src/core_kubeadmiral_io/v1alpha1/overridepolicies.rs @@ -7,6 +7,7 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; } use self::prelude::*; @@ -45,6 +46,9 @@ pub struct OverridePolicyOverrideRulesOverriders { /// Command specifies overriders that apply to the container commands. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, + /// Envs specifies overriders that apply to the container envs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub envs: Option>, /// Image specifies the overriders that apply to the image. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option>, 
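Review bot: `ClusterOverridePolicyOverrideRulesOverridersEnvs` and its `...EnvsOperator` enum are added without a doc comment, and the types do not encode the documented default. `operator` is an `Option` and the enum has no `Default`, so any caller that matches on it has to map `None` to `Overwrite` itself. I would say so on the field, e.g. `/// None is equivalent to Overwrite.`. Each entry can also carry `valueFrom.secretKeyRef`, so a policy of this kind can point a container's environment at a Secret in the pod's namespace; permission to create these policies deserves the same review as permission to edit the workload. The parallel `OverridePolicyOverrideRulesOverridersEnvs` hunk in overridepolicies.rs has the same gaps, and if the bindings are generated the wording belongs in the CRD description.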
@@ -121,6 +125,108 @@ pub enum OverridePolicyOverrideRulesOverridersCommandOperator { Delete, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvs { + /// ContainerName targets the specified container or init container in the pod template. + #[serde(rename = "containerName")] + pub container_name: String, + /// Operator specifies the operation. If omitted, defaults to "overwrite". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// List of environment variables to set in the container. + pub value: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum OverridePolicyOverrideRulesOverridersEnvsOperator { + #[serde(rename = "addIfAbsent")] + AddIfAbsent, + #[serde(rename = "overwrite")] + Overwrite, + #[serde(rename = "delete")] + Delete, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvsValue { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvsValueValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvsValueValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvsValueValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvsValueValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct OverridePolicyOverrideRulesOverridersEnvsValueValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. 
+ pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverrideRulesOverridersImage { /// ContainerNames are ignored when ImagePath is set. If empty, the image override rule applies to all containers. Otherwise, this override targets the specified container(s) or init container(s) in the pod template. diff --git a/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1/elasticsearches.rs b/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1/elasticsearches.rs index b6414a66f..fd901ee89 100644 --- a/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1/elasticsearches.rs +++ b/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1/elasticsearches.rs @@ -189,7 +189,6 @@ pub struct ElasticsearchHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -256,7 +255,6 @@ pub struct ElasticsearchHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are 
@@ -369,17 +367,14 @@ pub struct ElasticsearchHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -444,7 +439,6 @@ pub struct ElasticsearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -458,7 +452,6 @@ pub struct ElasticsearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -724,9 +717,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -737,11 +732,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -756,6 +749,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -808,11 +802,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -837,7 +829,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -1101,7 +1092,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1112,7 +1103,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1222,7 +1213,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1233,7 +1224,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1374,7 +1365,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1385,7 +1376,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1495,7 +1486,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1506,7 +1497,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1812,9 +1803,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvValueFromConfigMapKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1857,9 +1846,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvValueFromSecretKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1888,9 +1875,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1905,9 +1890,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2192,7 +2175,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2343,7 +2325,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2415,11 +2396,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2442,6 +2421,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2475,7 +2459,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2598,7 +2582,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersSecurityContextSeccompP /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2710,7 +2693,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2795,10 +2777,8 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2806,11 +2786,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2865,7 +2843,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2966,7 +2943,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -3057,9 +3033,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvValueFromCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3102,9 +3076,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvValueFromSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -3133,9 +3105,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3150,9 +3120,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvFromSecretR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3433,7 +3401,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersLivenessProbeG /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3581,7 +3548,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersReadinessProbe /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3652,11 +3618,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3679,6 +3643,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersResourcesClaim /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3711,7 +3680,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersSecurityContex #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3834,7 +3803,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersSecurityContex /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3940,7 +3908,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersStartupProbeGr /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4025,10 +3992,8 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -4036,11 +4001,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4075,9 +4038,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4298,9 +4259,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvValueFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4343,9 +4302,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvValueFromSecretK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4374,9 +4331,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvFromConfigMapRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4391,9 +4346,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4678,7 +4631,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4829,7 +4781,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersReadinessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4901,11 +4852,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4928,6 +4877,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4961,7 +4915,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -5084,7 +5038,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersSecurityContextSecc /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5196,7 +5149,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5281,10 +5233,8 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5292,11 +5242,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5315,11 +5263,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -5334,6 +5280,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -5361,7 +5308,10 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5369,32 +5319,28 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ElasticsearchNodeSetsPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -5419,12 +5365,10 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5474,15 +5418,24 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5550,7 +5503,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5642,7 +5594,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5676,7 +5627,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
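Review bot: Neither the new `supplemental_groups_policy` comment nor the rewritten `supplemental_groups` comment says which policy value excludes group memberships defined in the container image. An unset policy means "Merge", under which those image-defined groups may still apply, and a pod's effective GIDs decide access to group-owned volume data. I would spell it out: `/// "Strict" attaches only fsGroup, supplementalGroups and runAsGroup; "Merge" (the default) also keeps groups defined in the container image.` As far as the hunk shows, the field is a plain optional value, so a misspelled policy would not be rejected at deserialization. The struct starts above the hunk and continues past it.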
@@ -5692,7 +5642,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5703,7 +5652,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5812,7 +5760,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5823,17 +5770,14 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5868,11 +5812,24 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5931,7 +5888,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6027,9 +5983,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6067,9 +6021,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6099,9 +6051,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6168,9 +6118,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6264,7 +6212,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6275,17 +6222,14 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -6298,7 +6242,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6308,11 +6251,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -6326,7 +6267,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6336,11 +6276,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { 
@@ -6443,7 +6381,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeralVolumeClaimTempla /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -6572,7 +6510,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6629,9 +6566,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6657,7 +6592,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6719,9 +6653,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6735,6 +6666,39 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
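Review bot: The `reference` comment opens with "Required:", yet the field is optional with `#[serde(default)]` and the same comment ends with "This field is optional". An image volume with no reference therefore deserializes without error. I would drop the prefix so the first line reads `/// Image or artifact reference to be used.`, and check for a missing reference where the volume is built. The struct comment says new remote content becomes available on pod recreation, so a line recommending a digest-pinned reference would help readers who need the mounted content to stay fixed. The same volume text is added on the `image` field in the `@@ -5868,11 +5812,24 @@` hunk, including the "will fail If the pull fails" capitalisation slip.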
@@ -6750,7 +6714,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6790,9 +6753,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6870,25 +6831,24 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6913,14 +6873,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -7003,9 +6960,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSourcesConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -7104,9 +7059,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7191,7 +7144,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7238,9 +7190,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7293,9 +7243,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7389,9 +7337,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7530,7 +7476,7 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -7670,7 +7616,6 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -7692,13 +7637,11 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -7710,7 +7653,6 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. 
@@ -7719,13 +7661,11 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -7738,12 +7678,12 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. 
@@ -7753,7 +7693,7 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: 
@@ -7828,30 +7768,25 @@ pub struct ElasticsearchPodDisruptionBudgetSpec { /// should be considered for eviction. Current implementation considers healthy pods, /// as pods that have status.conditions item with type="Ready",status="True". /// - /// /// Valid policies are IfHealthyBudget and AlwaysAllow. /// If no policy is specified, the default behavior will be used, /// which corresponds to the IfHealthyBudget policy. /// - /// /// IfHealthyBudget policy means that running pods (status.phase="Running"), /// but not yet healthy can be evicted only if the guarded application is not /// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). /// Healthy pods will be subject to the PDB for eviction. /// - /// /// AlwaysAllow policy means that all running pods (status.phase="Running"), /// but not yet healthy are considered disrupted and can be evicted regardless /// of whether the criteria in a PDB is met. This means perspective running /// pods of a disrupted application might not get a chance to become healthy. /// Healthy pods will be subject to the PDB for eviction. /// - /// /// Additional policies may be added in the future. /// Clients making eviction decisions should disallow eviction of unhealthy pods /// if they encounter an unrecognized policy in this field. /// - /// /// This field is beta-level. The eviction API uses this field when /// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyPodEvictionPolicy")] @@ -8029,7 +7964,6 @@ pub struct ElasticsearchTransportServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. 
@@ -8096,7 +8030,6 @@ pub struct ElasticsearchTransportServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -8209,17 +8142,14 @@ pub struct ElasticsearchTransportServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -8285,7 +8215,6 @@ pub struct ElasticsearchTransportTls { /// and private key for generating node certificates. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The CA certificate in PEM format. /// - `ca.key`: The private key for the CA certificate in PEM format. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -8312,7 +8241,6 @@ pub struct ElasticsearchTransportTls { /// and private key for generating node certificates. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The CA certificate in PEM format. /// - `ca.key`: The private key for the CA certificate in PEM format. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1beta1/elasticsearches.rs b/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1beta1/elasticsearches.rs index 0eee8809d..a1b3c43b0 100644 --- a/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1beta1/elasticsearches.rs +++ b/kube-custom-resources-rs/src/elasticsearch_k8s_elastic_co/v1beta1/elasticsearches.rs @@ -133,7 +133,6 @@ pub struct ElasticsearchHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -200,7 +199,6 @@ pub struct ElasticsearchHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are 
@@ -313,17 +311,14 @@ pub struct ElasticsearchHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -388,7 +383,6 @@ pub struct ElasticsearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -402,7 +396,6 @@ pub struct ElasticsearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -585,9 +578,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -598,11 +593,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -617,6 +610,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -669,11 +663,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -698,7 +690,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -962,7 +953,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -973,7 +964,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1083,7 +1074,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1094,7 +1085,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1235,7 +1226,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1246,7 +1237,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1356,7 +1347,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1367,7 +1358,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecAffinityPodAntiAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1673,9 +1664,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvValueFromConfigMapKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1718,9 +1707,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvValueFromSecretKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1749,9 +1736,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1766,9 +1751,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2053,7 +2036,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2204,7 +2186,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2276,11 +2257,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2303,6 +2282,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2336,7 +2320,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2459,7 +2443,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersSecurityContextSeccompP /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2571,7 +2554,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2656,10 +2638,8 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2667,11 +2647,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2726,7 +2704,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2827,7 +2804,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2918,9 +2894,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvValueFromCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2963,9 +2937,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvValueFromSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -2994,9 +2966,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3011,9 +2981,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersEnvFromSecretR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3294,7 +3262,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersLivenessProbeG /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3442,7 +3409,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersReadinessProbe /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3513,11 +3479,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3540,6 +3504,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersResourcesClaim /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3572,7 +3541,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersSecurityContex #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3695,7 +3664,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersSecurityContex /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3801,7 +3769,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersStartupProbeGr /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3886,10 +3853,8 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3897,11 +3862,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3936,9 +3899,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4159,9 +4120,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvValueFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4204,9 +4163,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvValueFromSecretK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4235,9 +4192,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvFromConfigMapRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4252,9 +4207,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4539,7 +4492,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4690,7 +4642,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersReadinessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4762,11 +4713,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4789,6 +4738,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4822,7 +4776,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4945,7 +4899,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersSecurityContextSecc /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5057,7 +5010,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5142,10 +5094,8 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5153,11 +5103,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5176,11 +5124,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -5195,6 +5141,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -5222,7 +5169,10 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5230,32 +5180,28 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ElasticsearchNodeSetsPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -5280,12 +5226,10 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5335,15 +5279,24 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5411,7 +5364,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5503,7 +5455,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5537,7 +5488,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -5553,7 +5503,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5564,7 +5513,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5673,7 +5621,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5684,17 +5631,14 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5729,11 +5673,24 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5792,7 +5749,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5888,9 +5844,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5928,9 +5882,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5960,9 +5912,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6029,9 +5979,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6125,7 +6073,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6136,17 +6083,14 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -6159,7 +6103,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6169,11 +6112,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -6187,7 +6128,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6197,11 +6137,9 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { 
@@ -6304,7 +6242,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesEphemeralVolumeClaimTempla /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -6433,7 +6371,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6490,9 +6427,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6518,7 +6453,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6580,9 +6514,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6596,6 +6527,39 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -6611,7 +6575,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6651,9 +6614,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6731,25 +6692,24 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6774,14 +6734,11 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6864,9 +6821,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSourcesConfigMap /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6965,9 +6920,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7052,7 +7005,6 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7099,9 +7051,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7154,9 +7104,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7250,9 +7198,7 @@ pub struct ElasticsearchNodeSetsPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7391,7 +7337,7 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -7531,7 +7477,6 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// ClaimResourceStatus can be in any of following states: /// - ControllerResizeInProgress: /// State set when resize controller starts resizing the volume in control-plane. @@ -7553,13 +7498,11 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" /// When this field is not set, it means that no resize operation is in progress for the given PVC. /// - /// /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] pub allocated_resource_statuses: Option>, @@ -7571,7 +7514,6 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered /// reserved and hence may not be used. /// - /// /// Capacity reported here may be larger than the actual capacity when a volume expansion operation /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. 
@@ -7580,13 +7522,11 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. /// - /// /// A controller that receives PVC update with previously unknown resourceName /// should ignore the update for the purpose it was designed. For example - a controller that /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid /// resources associated with PVC. /// - /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -7599,12 +7539,12 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { pub conditions: Option>, /// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVolumeAttributesClassName")] pub current_volume_attributes_class_name: Option, /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. - /// This is an alpha field and requires enabling VolumeAttributesClass feature. + /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "modifyVolumeStatus")] pub modify_volume_status: Option, /// phase represents the current phase of PersistentVolumeClaim. 
@@ -7614,7 +7554,7 @@ pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatus { /// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. /// When this is unset, there is no ModifyVolume operation being attempted. -/// This is an alpha field and requires enabling VolumeAttributesClass feature. +/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticsearchNodeSetsVolumeClaimTemplatesStatusModifyVolumeStatus { /// status is the status of the ControllerModifyVolume operation. It can be in any of following states: 
@@ -7689,30 +7629,25 @@ pub struct ElasticsearchPodDisruptionBudgetSpec { /// should be considered for eviction. Current implementation considers healthy pods, /// as pods that have status.conditions item with type="Ready",status="True". /// - /// /// Valid policies are IfHealthyBudget and AlwaysAllow. /// If no policy is specified, the default behavior will be used, /// which corresponds to the IfHealthyBudget policy. /// - /// /// IfHealthyBudget policy means that running pods (status.phase="Running"), /// but not yet healthy can be evicted only if the guarded application is not /// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). /// Healthy pods will be subject to the PDB for eviction. /// - /// /// AlwaysAllow policy means that all running pods (status.phase="Running"), /// but not yet healthy are considered disrupted and can be evicted regardless /// of whether the criteria in a PDB is met. This means perspective running /// pods of a disrupted application might not get a chance to become healthy. /// Healthy pods will be subject to the PDB for eviction. /// - /// /// Additional policies may be added in the future. /// Clients making eviction decisions should disallow eviction of unhealthy pods /// if they encounter an unrecognized policy in this field. /// - /// /// This field is beta-level. The eviction API uses this field when /// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyPodEvictionPolicy")] diff --git a/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1/enterprisesearches.rs b/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1/enterprisesearches.rs index c72814eac..73ad9aa60 100644 --- a/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1/enterprisesearches.rs +++ b/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1/enterprisesearches.rs 
@@ -177,7 +177,6 @@ pub struct EnterpriseSearchHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -244,7 +243,6 @@ pub struct EnterpriseSearchHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -357,17 +355,14 @@ pub struct EnterpriseSearchHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] 
@@ -432,7 +427,6 @@ pub struct EnterpriseSearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -446,7 +440,6 @@ pub struct EnterpriseSearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -605,9 +598,11 @@ pub struct EnterpriseSearchPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. 
@@ -618,11 +613,9 @@ pub struct EnterpriseSearchPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -637,6 +630,7 @@ pub struct EnterpriseSearchPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -689,11 +683,9 @@ pub struct EnterpriseSearchPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -718,7 +710,6 @@ pub struct EnterpriseSearchPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, 
@@ -982,7 +973,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityPreferredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -993,7 +984,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityPreferredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1103,7 +1094,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityRequiredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1114,7 +1105,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityRequiredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1255,7 +1246,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityPreferredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1266,7 +1257,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityPreferredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1376,7 +1367,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityRequiredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1387,7 +1378,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityRequiredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1693,9 +1684,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvValueFromConfigMapKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1738,9 +1727,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -1769,9 +1756,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1786,9 +1771,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2073,7 +2056,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2224,7 +2206,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2296,11 +2277,9 @@ pub struct EnterpriseSearchPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2323,6 +2302,11 @@ pub struct EnterpriseSearchPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. 
@@ -2356,7 +2340,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2479,7 +2463,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersSecurityContextSeccompProfil /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2591,7 +2574,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2676,10 +2658,8 @@ pub struct EnterpriseSearchPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -2687,11 +2667,9 @@ pub struct EnterpriseSearchPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2746,7 +2724,6 @@ pub struct EnterpriseSearchPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2847,7 +2824,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] 
@@ -2938,9 +2914,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvValueFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2983,9 +2957,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvValueFromSecretK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -3014,9 +2986,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvFromConfigMapRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3031,9 +3001,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3314,7 +3282,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3462,7 +3429,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersReadinessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3533,11 +3499,9 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3560,6 +3524,11 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3592,7 +3561,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3715,7 +3684,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersSecurityContextSecc /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3821,7 +3789,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3906,10 +3873,8 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3917,11 +3882,9 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3956,9 +3919,7 @@ pub struct EnterpriseSearchPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4179,9 +4140,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvValueFromConfigMapKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4224,9 +4183,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvValueFromSecretKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4255,9 +4212,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4272,9 +4227,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4559,7 +4512,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4710,7 +4662,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4782,11 +4733,9 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4809,6 +4758,11 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4842,7 +4796,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4965,7 +4919,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersSecurityContextSeccompPr /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5077,7 +5030,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5162,10 +5114,8 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5173,11 +5123,9 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5196,11 +5144,9 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5215,6 +5161,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -5242,7 +5189,10 @@ pub struct EnterpriseSearchPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5250,32 +5200,28 @@ pub struct EnterpriseSearchPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct EnterpriseSearchPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
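Review bot: In `EnterpriseSearchPodTemplateSpecResourceClaims` (its opening line is only in the hunk header), the new doc comments say exactly one of `resource_claim_name` and `resource_claim_template_name` must be set, but both are optional fields marked `#[serde(default, ...)]`. A value with neither or both set therefore builds and serializes without complaint, and the rule is checked only by whatever receives the object. Removing the nested `source` field also changes the wire shape: unless the struct denies unknown fields (no such attribute is visible here), input in the old `source:` form would probably deserialize with both names unset instead of failing. I would say so on the struct, e.g. `/// Note: the "exactly one of" rule is not enforced by this type; callers must check it before submitting.` If this file is generated from the CRD schema, the check belongs in the calling code rather than in a hand edit here.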
@@ -5300,12 +5246,10 @@ pub struct EnterpriseSearchPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5355,15 +5299,24 @@ pub struct EnterpriseSearchPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5431,7 +5384,6 @@ pub struct EnterpriseSearchPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5523,7 +5475,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5557,7 +5508,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
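Review bot: The doc comment on the new `supplemental_groups_policy` field names the valid values "Merge" and "Strict" but never says what either one does, and the reworded `supplemental_groups` comment above it only says the outcome depends on that field. Because "Merge" is the default, leaving the field unset keeps the group memberships defined in the container image, which is the case a reader hardening the pod most needs spelled out. I would add one line to the field doc: `/// Merge adds the image-defined group memberships of the container's uid; Strict uses only fsGroup, supplementalGroups and the primary GID.` The enclosing struct `EnterpriseSearchPodTemplateSpecSecurityContext` starts and ends outside this hunk, and if these comments are copied from the upstream schema the wording would have to be proposed there.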
@@ -5573,7 +5523,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5584,7 +5533,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5693,7 +5641,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5704,17 +5651,14 @@ pub struct EnterpriseSearchPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5749,11 +5693,24 @@ pub struct EnterpriseSearchPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5812,7 +5769,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5908,9 +5864,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5948,9 +5902,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5980,9 +5932,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6049,9 +5999,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6145,7 +6093,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6156,17 +6103,14 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6179,7 +6123,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6189,11 +6132,9 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6207,7 +6148,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6217,11 +6157,9 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6324,7 +6262,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpe /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6453,7 +6391,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6510,9 +6447,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6538,7 +6473,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6600,9 +6534,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EnterpriseSearchPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6616,6 +6547,39 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct EnterpriseSearchPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -6631,7 +6595,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6671,9 +6634,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6751,25 +6712,24 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6794,14 +6754,11 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6884,9 +6841,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6985,9 +6940,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7072,7 +7025,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7119,9 +7071,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7174,9 +7124,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7270,9 +7218,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1beta1/enterprisesearches.rs b/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1beta1/enterprisesearches.rs index 8a877f6a1..254c0196b 100644 --- a/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1beta1/enterprisesearches.rs +++ b/kube-custom-resources-rs/src/enterprisesearch_k8s_elastic_co/v1beta1/enterprisesearches.rs 
@@ -174,7 +174,6 @@ pub struct EnterpriseSearchHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -241,7 +240,6 @@ pub struct EnterpriseSearchHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -354,17 +352,14 @@ pub struct EnterpriseSearchHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] 
@@ -429,7 +424,6 @@ pub struct EnterpriseSearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -443,7 +437,6 @@ pub struct EnterpriseSearchHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -602,9 +595,11 @@ pub struct EnterpriseSearchPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. 
@@ -615,11 +610,9 @@ pub struct EnterpriseSearchPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -634,6 +627,7 @@ pub struct EnterpriseSearchPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -686,11 +680,9 @@ pub struct EnterpriseSearchPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -715,7 +707,6 @@ pub struct EnterpriseSearchPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, 
@@ -979,7 +970,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityPreferredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -990,7 +981,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityPreferredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1100,7 +1091,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityRequiredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1111,7 +1102,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAffinityRequiredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1252,7 +1243,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityPreferredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1263,7 +1254,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityPreferredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1373,7 +1364,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityRequiredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1384,7 +1375,7 @@ pub struct EnterpriseSearchPodTemplateSpecAffinityPodAntiAffinityRequiredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. 
@@ -1690,9 +1681,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvValueFromConfigMapKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1735,9 +1724,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -1766,9 +1753,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1783,9 +1768,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2070,7 +2053,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2221,7 +2203,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2293,11 +2274,9 @@ pub struct EnterpriseSearchPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2320,6 +2299,11 @@ pub struct EnterpriseSearchPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. 
@@ -2353,7 +2337,7 @@ pub struct EnterpriseSearchPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2476,7 +2460,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersSecurityContextSeccompProfil /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2588,7 +2571,6 @@ pub struct EnterpriseSearchPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2673,10 +2655,8 @@ pub struct EnterpriseSearchPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -2684,11 +2664,9 @@ pub struct EnterpriseSearchPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2743,7 +2721,6 @@ pub struct EnterpriseSearchPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2844,7 +2821,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] 
@@ -2935,9 +2911,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvValueFromConfigM /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2980,9 +2954,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvValueFromSecretK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -3011,9 +2983,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvFromConfigMapRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3028,9 +2998,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3311,7 +3279,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3459,7 +3426,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersReadinessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3530,11 +3496,9 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3557,6 +3521,11 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3589,7 +3558,7 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3712,7 +3681,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersSecurityContextSecc /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3818,7 +3786,6 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3903,10 +3870,8 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3914,11 +3879,9 @@ pub struct EnterpriseSearchPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3953,9 +3916,7 @@ pub struct EnterpriseSearchPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4176,9 +4137,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvValueFromConfigMapKey /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4221,9 +4180,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvValueFromSecretKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4252,9 +4209,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4269,9 +4224,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4556,7 +4509,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4707,7 +4659,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4779,11 +4730,9 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4806,6 +4755,11 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4839,7 +4793,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4962,7 +4916,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersSecurityContextSeccompPr /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5074,7 +5027,6 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5159,10 +5111,8 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5170,11 +5120,9 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5193,11 +5141,9 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5212,6 +5158,7 @@ pub struct EnterpriseSearchPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -5239,7 +5186,10 @@ pub struct EnterpriseSearchPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5247,32 +5197,28 @@ pub struct EnterpriseSearchPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct EnterpriseSearchPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -5297,12 +5243,10 @@ pub struct EnterpriseSearchPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5352,15 +5296,24 @@ pub struct EnterpriseSearchPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5428,7 +5381,6 @@ pub struct EnterpriseSearchPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5520,7 +5472,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5554,7 +5505,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -5570,7 +5520,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5581,7 +5530,6 @@ pub struct EnterpriseSearchPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5690,7 +5638,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5701,17 +5648,14 @@ pub struct EnterpriseSearchPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5746,11 +5690,24 @@ pub struct EnterpriseSearchPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5809,7 +5766,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5905,9 +5861,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5945,9 +5899,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5977,9 +5929,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6046,9 +5996,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6142,7 +6090,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6153,17 +6100,14 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6176,7 +6120,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6186,11 +6129,9 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6204,7 +6145,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6214,11 +6154,9 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6321,7 +6259,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpe /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6450,7 +6388,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6507,9 +6444,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6535,7 +6470,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6597,9 +6531,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EnterpriseSearchPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6613,6 +6544,39 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct EnterpriseSearchPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
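Review bot: The doc comment on `reference` in `EnterpriseSearchPodTemplateSpecVolumesImage` opens with "Required:" and then says the field is optional, and the field is an `Option` with `default`, so a reader cannot tell whether an unset reference is acceptable. The struct comment says the volume is re-resolved when the pod is deleted and recreated, so a tag-based reference can mount different content after a restart. I would add a line such as `/// Prefer a digest-pinned reference (name@sha256:<digest>) so that pod recreation mounts the same content.` The wording looks inherited from the upstream schema, so if this file is generated the change belongs there.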
@@ -6628,7 +6592,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6668,9 +6631,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6748,25 +6709,24 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6791,14 +6751,11 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6881,9 +6838,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6982,9 +6937,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7069,7 +7022,6 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7116,9 +7068,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7171,9 +7121,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7267,9 +7215,7 @@ pub struct EnterpriseSearchPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/backupstorages.rs b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/backupstorages.rs index e44a0341b..c015c03e9 100644 --- a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/backupstorages.rs +++ b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/backupstorages.rs 
@@ -19,6 +19,9 @@ use self::prelude::*; #[kube(derive="PartialEq")] pub struct BackupStorageSpec { /// AllowedNamespaces is the list of namespaces where the operator will copy secrets provided in the CredentialsSecretsName. + /// + /// + /// Deprecated: BackupStorages are now used only in the namespaces where they are created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowedNamespaces")] pub allowed_namespaces: Option>, /// Bucket is a name of bucket. @@ -60,6 +63,7 @@ pub enum BackupStorageType { /// BackupStorageStatus defines the observed state of BackupStorage. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupStorageStatus { + /// Deprecated: BackupStorages are now used only in the namespaces where they are created. #[serde(rename = "usedNamespaces")] pub used_namespaces: BTreeMap, } diff --git a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterbackups.rs b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterbackups.rs index 87a7e7b3e..3025073ea 100644 --- a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterbackups.rs +++ b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterbackups.rs @@ -19,6 +19,7 @@ use self::prelude::*; #[kube(derive="PartialEq")] pub struct DatabaseClusterBackupSpec { /// BackupStorageName is the name of the BackupStorage used for backups. + /// The BackupStorage must be created in the same namespace as the DatabaseCluster. #[serde(rename = "backupStorageName")] pub backup_storage_name: String, /// DBClusterName is the original database cluster name. diff --git a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterrestores.rs b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterrestores.rs index bb6aa13f3..453b0804d 100644 --- a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterrestores.rs 
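Review bot: `used_namespaces` in `BackupStorageStatus` is now documented as deprecated but is still a required key on deserialization, because its attribute is `#[serde(rename = "usedNamespaces")]` with no `default`. If the operator ever stops writing the field, reading a status into this type would fail; `#[serde(default, rename = "usedNamespaces")]` would tolerate its absence. The first hunk of this file deprecates `allowed_namespaces`, which controlled where credential secrets were copied, so its comment could say plainly that setting it no longer has that effect (if that is the case). If the file is generated from the CRD, the `required` entry there is the place to change.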
+++ b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusterrestores.rs @@ -44,6 +44,7 @@ pub struct DatabaseClusterRestoreDataSource { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseClusterRestoreDataSourceBackupSource { /// BackupStorageName is the name of the BackupStorage used for backups. + /// The BackupStorage must be created in the same namespace as the DatabaseCluster. #[serde(rename = "backupStorageName")] pub backup_storage_name: String, /// Path is the path to the backup file/directory. diff --git a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusters.rs b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusters.rs index a3a3a8ae3..63ecca34c 100644 --- a/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusters.rs +++ b/kube-custom-resources-rs/src/everest_percona_com/v1alpha1/databaseclusters.rs @@ -42,6 +42,9 @@ pub struct DatabaseClusterSpec { /// external access to the database cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub proxy: Option, + /// Sharding is the sharding configuration. PSMDB-only + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sharding: Option, } /// Backup is the backup specification @@ -61,6 +64,7 @@ pub struct DatabaseClusterBackup { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseClusterBackupPitr { /// BackupStorageName is the name of the BackupStorage where the PITR is enabled + /// The BackupStorage must be created in the same namespace as the DatabaseCluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backupStorageName")] pub backup_storage_name: Option, /// Enabled is a flag to enable PITR 
@@ -74,7 +78,8 @@ pub struct DatabaseClusterBackupPitr { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseClusterBackupSchedules { /// BackupStorageName is the name of the BackupStorage CR that defines the - /// storage location + /// storage location. + /// The BackupStorage must be created in the same namespace as the DatabaseCluster. #[serde(rename = "backupStorageName")] pub backup_storage_name: String, /// Enabled is a flag to enable the schedule @@ -106,6 +111,7 @@ pub struct DatabaseClusterDataSource { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseClusterDataSourceBackupSource { /// BackupStorageName is the name of the BackupStorage used for backups. + /// The BackupStorage must be created in the same namespace as the DatabaseCluster. #[serde(rename = "backupStorageName")] pub backup_storage_name: String, /// Path is the path to the backup file/directory. @@ -203,6 +209,7 @@ pub enum DatabaseClusterEngineType { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseClusterMonitoring { /// MonitoringConfigName is the name of a monitoringConfig CR. + /// The MonitoringConfig must be created in the same namespace as the DatabaseCluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "monitoringConfigName")] pub monitoring_config_name: Option, /// Resources defines resource limitations for the monitoring. 
@@ -318,6 +325,25 @@ pub enum DatabaseClusterProxyType { Pgbouncer, } +/// Sharding is the sharding configuration. PSMDB-only +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatabaseClusterSharding { + /// ConfigServer represents the sharding configuration server settings + #[serde(rename = "configServer")] + pub config_server: DatabaseClusterShardingConfigServer, + /// Enabled defines if the sharding is enabled + pub enabled: bool, + /// Shards defines the number of shards + pub shards: i32, +} + +/// ConfigServer represents the sharding configuration server settings +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatabaseClusterShardingConfigServer { + /// Replicas is the amount of configServers + pub replicas: i32, +} + /// DatabaseClusterStatus defines the observed state of DatabaseCluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatabaseClusterStatus { @@ -327,6 +353,9 @@ pub struct DatabaseClusterStatus { /// CRVersion is the observed version of the CR used with the underlying operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "crVersion")] pub cr_version: Option, + /// Details provides full status of the upstream cluster as a plain text. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub details: Option, /// Hostname is the hostname where the cluster can be reached #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs index cf9a088b6..045a115ea 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs 
@@ -73,6 +73,9 @@ pub struct ClusterFilterFilters { /// Throttle defines a Throttle configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub throttle: Option, + /// Wasm defines a Wasm configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wasm: Option, } /// Aws defines a Aws configuration. @@ -377,6 +380,10 @@ pub struct ClusterFilterFiltersLua { /// a Lua table with keys sec for seconds since epoch and nsec for nanoseconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeAsTable")] pub time_as_table: Option, + /// If these keys are matched, the fields are handled as array. If more than + /// one key, delimit by space. It is useful the array can be empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "typeArrayKey")] + pub type_array_key: Option>, /// If these keys are matched, the fields are converted to integer. /// If more than one key, delimit by space. /// Note that starting from Fluent Bit v1.6 integer data types are preserved 
@@ -682,6 +689,35 @@ pub struct ClusterFilterFiltersThrottle { pub window: Option, } +/// Wasm defines a Wasm configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterFilterFiltersWasm { + /// Specify the whitelist of paths to be able to access paths from WASM programs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessiblePaths")] + pub accessible_paths: Option>, + /// Alias for the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub alias: Option, + /// Define event format to interact with Wasm programs: msgpack or json. Default: json + #[serde(default, skip_serializing_if = "Option::is_none", rename = "eventFormat")] + pub event_format: Option, + /// Wasm function name that will be triggered to do filtering. It's assumed that the function is built inside the Wasm program specified above. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "functionName")] + pub function_name: Option, + /// RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryLimit")] + pub retry_limit: Option, + /// Size of the heap size of Wasm execution. Review unit sizes for allowed values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmHeapSize")] + pub wasm_heap_size: Option, + /// Path to the built Wasm program that will be used. This can be a relative path against the main configuration file. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmPath")] + pub wasm_path: Option, + /// Size of the stack size of Wasm execution. Review unit sizes for allowed values. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmStackSize")] + pub wasm_stack_size: Option, +} + /// Specification of desired Filter configuration. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterFilterLogLevel { diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs index f9f1a9312..f86e22bf9 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs @@ -74,6 +74,9 @@ pub struct FilterFilters { /// Throttle defines a Throttle configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub throttle: Option, + /// Wasm defines a Wasm configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wasm: Option, } /// Aws defines a Aws configuration. @@ -378,6 +381,10 @@ pub struct FilterFiltersLua { /// a Lua table with keys sec for seconds since epoch and nsec for nanoseconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeAsTable")] pub time_as_table: Option, + /// If these keys are matched, the fields are handled as array. If more than + /// one key, delimit by space. It is useful the array can be empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "typeArrayKey")] + pub type_array_key: Option>, /// If these keys are matched, the fields are converted to integer. /// If more than one key, delimit by space. /// Note that starting from Fluent Bit v1.6 integer data types are preserved 
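Review bot: In `ClusterFilterFiltersWasm`, `accessible_paths` and `wasm_path` decide which module is loaded and which host paths it may read, yet the comments do not say what an unset `accessible_paths` means. I would add a line such as `/// Keep this list to the directories the filter needs; behaviour when unset is defined by Fluent Bit, not by this type.` The `retry_limit` comment describes retrying "to send data to a specific output" and a `false` setting, which reads as text carried over from an output plugin; it should either be reworded for a filter or note that it may not apply. The same applies to `FilterFiltersWasm` in the filters.rs hunk. The text presumably comes from the CRD, so the fix may belong upstream.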
@@ -683,6 +690,35 @@ pub struct FilterFiltersThrottle { pub window: Option, } +/// Wasm defines a Wasm configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FilterFiltersWasm { + /// Specify the whitelist of paths to be able to access paths from WASM programs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessiblePaths")] + pub accessible_paths: Option>, + /// Alias for the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub alias: Option, + /// Define event format to interact with Wasm programs: msgpack or json. Default: json + #[serde(default, skip_serializing_if = "Option::is_none", rename = "eventFormat")] + pub event_format: Option, + /// Wasm function name that will be triggered to do filtering. It's assumed that the function is built inside the Wasm program specified above. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "functionName")] + pub function_name: Option, + /// RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryLimit")] + pub retry_limit: Option, + /// Size of the heap size of Wasm execution. Review unit sizes for allowed values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmHeapSize")] + pub wasm_heap_size: Option, + /// Path to the built Wasm program that will be used. This can be a relative path against the main configuration file. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmPath")] + pub wasm_path: Option, + /// Size of the stack size of Wasm execution. Review unit sizes for allowed values. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmStackSize")] + pub wasm_stack_size: Option, +} + /// FilterSpec defines the desired state of ClusterFilter #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum FilterLogLevel { diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs index 7a0901d19..43b4247ca 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs @@ -611,6 +611,9 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// ResponseHeaderModifier defines a schema for a filter that modifies response @@ -794,6 +797,9 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. 
@@ -827,6 +833,29 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. @@ -908,6 +937,22 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// 
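Review bot: `numerator` and `denominator` in `GRPCRouteRulesBackendRefsFiltersRequestMirrorFraction` carry no doc comments, and nothing in the type records their valid range or that `fraction` and `percent` on the parent struct are mutually exclusive. With `Default` derived, a default fraction has `numerator` 0 and no denominator, which presumably mirrors nothing, whereas leaving both fields unset mirrors 100% per the parent comment. I would add `/// Numerator of the fraction of requests to mirror.` and `/// Denominator of the fraction; see the Gateway API spec for the value used when unset.` The same applies to `GRPCRouteRulesFiltersRequestMirrorFraction` and `HTTPRouteRulesBackendRefsFiltersRequestMirrorFraction` in the later hunks. If these files are generated, the descriptions need to be added in the source CRD.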
@@ -1066,6 +1111,9 @@ pub struct GRPCRouteRulesFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// ResponseHeaderModifier defines a schema for a filter that modifies response @@ -1249,6 +1297,9 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GRPCRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. @@ -1282,6 +1333,29 @@ pub struct GRPCRouteRulesFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: GRPCRouteRulesFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. 
@@ -1363,6 +1437,22 @@ pub struct GRPCRouteRulesFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GRPCRouteRulesFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs index c8269a78c..ca3dd6a15 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs @@ -653,6 +653,9 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// RequestRedirect defines a schema for a filter that responds to the @@ -856,6 +859,9 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. 
@@ -889,6 +895,29 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. @@ -970,6 +999,22 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// 
@@ -1407,6 +1452,9 @@ pub struct HTTPRouteRulesFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// RequestRedirect defines a schema for a filter that responds to the @@ -1610,6 +1658,9 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. @@ -1643,6 +1694,29 @@ pub struct HTTPRouteRulesFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. 
@@ -1724,6 +1798,22 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HTTPRouteRulesFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs index bcd93dc7a..e38ade720 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1alpha2/grpcroutes.rs @@ -610,6 +610,9 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// ResponseHeaderModifier defines a schema for a filter that modifies response @@ -793,6 +796,9 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. 
@@ -826,6 +832,29 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. @@ -907,6 +936,22 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// 
@@ -1065,6 +1110,9 @@ pub struct GRPCRouteRulesFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// ResponseHeaderModifier defines a schema for a filter that modifies response @@ -1248,6 +1296,9 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GRPCRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. @@ -1281,6 +1332,29 @@ pub struct GRPCRouteRulesFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: GRPCRouteRulesFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. 
@@ -1362,6 +1436,22 @@ pub struct GRPCRouteRulesFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GRPCRouteRulesFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs index 5597e6313..c8d309f50 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs @@ -653,6 +653,9 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// RequestRedirect defines a schema for a filter that responds to the @@ -856,6 +859,9 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. 
@@ -889,6 +895,29 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. @@ -970,6 +999,22 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// 
@@ -1407,6 +1452,9 @@ pub struct HTTPRouteRulesFilters { /// /// /// Support: Extended + /// + /// + /// #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestMirror")] pub request_mirror: Option, /// RequestRedirect defines a schema for a filter that responds to the @@ -1610,6 +1658,9 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierSet { /// /// /// Support: Extended +/// +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. @@ -1643,6 +1694,29 @@ pub struct HTTPRouteRulesFiltersRequestMirror { /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. 
@@ -1724,6 +1798,22 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HTTPRouteRulesFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// diff --git a/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs b/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs index 7af1798d5..91479e149 100644 --- a/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs +++ b/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs 
@@ -26,12 +26,15 @@ pub struct MachinePoolSpec { /// ClusterDeploymentRef references the cluster deployment to which this machine pool belongs. #[serde(rename = "clusterDeploymentRef")] pub cluster_deployment_ref: MachinePoolClusterDeploymentRef, - /// Map of label string keys and values that will be applied to the created MachineSet's MachineSpec. This list will overwrite any modifications made to Node labels on an ongoing basis. + /// Map of label string keys and values that will be applied to the created MachineSet's MachineSpec. This affects the labels that will end up on the *Nodes* (in contrast with the MachineLabels field). This list will overwrite any modifications made to Node labels on an ongoing basis. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, + /// Map of label string keys and values that will be applied to the created MachineSet's MachineTemplateSpec. This affects the labels that will end up on the *Machines* (in contrast with the Labels field). This list will overwrite any modifications made to Machine labels on an ongoing basis. Note: We ignore entries that conflict with generated labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "machineLabels")] + pub machine_labels: Option>, /// Name is the name of the machine pool. pub name: String, - /// Platform is configuration for machine pool specific to the platform. + /// Platform is configuration for machine pool specific to the platform. When using a MachinePool to control the default worker machines created by installer, these must match the values provided in the install-config. pub platform: MachinePoolPlatform, /// Replicas is the count of machines for this machine pool. Replicas and autoscaling cannot be used together. Default is 1, if autoscaling is not used. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -60,7 +63,7 @@ pub struct MachinePoolClusterDeploymentRef { pub name: Option, } -/// Platform is configuration for machine pool specific to the platform. +/// Platform is configuration for machine pool specific to the platform. When using a MachinePool to control the default worker machines created by installer, these must match the values provided in the install-config. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MachinePoolPlatform { /// AWS is the configuration used when installing on AWS. @@ -150,6 +153,12 @@ pub struct MachinePoolPlatformAwsSpotMarketOptions { /// Azure is the configuration used when installing on Azure. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MachinePoolPlatformAzure { + /// ComputeSubnet specifies an existing subnet for use by compute nodes. If omitted, the default (${infraID}-worker-subnet) will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "computeSubnet")] + pub compute_subnet: Option, + /// NetworkResourceGroupName specifies the network resource group that contains an existing VNet. Ignored unless VirtualNetwork is also specified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "networkResourceGroupName")] + pub network_resource_group_name: Option, /// OSDisk defines the storage for instance. #[serde(rename = "osDisk")] pub os_disk: MachinePoolPlatformAzureOsDisk, 
@@ -159,6 +168,9 @@ pub struct MachinePoolPlatformAzure { /// InstanceType defines the azure instance type. eg. Standard_DS_V2 #[serde(rename = "type")] pub r#type: String, + /// VirtualNetwork specifies the name of an existing VNet for the Machines to use If omitted, the default (${infraID}-vnet) will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "virtualNetwork")] + pub virtual_network: Option, /// Zones is list of availability zones that can be used. eg. ["1", "2", "3"] #[serde(default, skip_serializing_if = "Option::is_none")] pub zones: Option>, 
@@ -458,9 +470,12 @@ pub struct MachinePoolStatus { /// MachineSets is the status of the machine sets for the machine pool on the remote cluster. #[serde(default, skip_serializing_if = "Option::is_none", rename = "machineSets")] pub machine_sets: Option>, - /// OwnedLabels lists the keys of labels this MachinePool created on the remote MachineSet. Used to identify labels to remove from the remote MachineSet when they are absent from the MachinePool's spec.labels. + /// OwnedLabels lists the keys of labels this MachinePool created on the remote MachineSet's MachineSpec. (In contrast with OwnedMachineLabels.) Used to identify labels to remove from the remote MachineSet when they are absent from the MachinePool's spec.labels. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownedLabels")] pub owned_labels: Option>, + /// OwnedMachineLabels lists the keys of labels this MachinePool created on the remote MachineSet's MachineTemplateSpec. (In contrast with OwnedLabels.) Used to identify labels to remove from the remote MachineSet when they are absent from the MachinePool's spec.machineLabels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownedMachineLabels")] + pub owned_machine_labels: Option>, /// OwnedTaints lists identifiers of taints this MachinePool created on the remote MachineSet. Used to identify taints to remove from the remote MachineSet when they are absent from the MachinePool's spec.taints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownedTaints")] pub owned_taints: Option>, diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs index ca695999c..4d9ad3c2e 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs 
@@ -71,8 +71,12 @@ pub struct IBMPowerVSMachineImage { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSMachineImageRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs index 54ec24726..16b381334 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs 
@@ -86,8 +86,12 @@ pub struct IBMPowerVSMachineTemplateTemplateSpecImage { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSMachineTemplateTemplateSpecImageRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclusters.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclusters.rs index cd8fa2c7e..81a588a59 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclusters.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclusters.rs @@ -204,6 +204,9 @@ pub struct IBMPowerVSClusterLoadBalancers { /// AdditionalListeners sets the additional listeners for the control plane load balancer. #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalListeners")] pub additional_listeners: Option>, + /// backendPools defines the load balancer's backend pools. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendPools")] + pub backend_pools: Option>, /// id of the loadbalancer #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, 
@@ -213,14 +216,135 @@ pub struct IBMPowerVSClusterLoadBalancers { /// public indicates that load balancer is public or private #[serde(default, skip_serializing_if = "Option::is_none")] pub public: Option, + /// securityGroups defines the Security Groups to attach to the load balancer. + /// Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] + pub security_groups: Option>, + /// subnets defines the VPC Subnets to attach to the load balancer. + /// Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subnets: Option>, } /// AdditionalListenerSpec defines the desired state of an /// additional listener on an VPC load balancer. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSClusterLoadBalancersAdditionalListeners { + /// defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultPoolName")] + pub default_pool_name: Option, /// Port sets the port for the additional listener. pub port: i64, + /// protocol defines the protocol to use for the VPC Load Balancer Listener. + /// Will default to TCP protocol if not specified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocol: Option, +} + +/// AdditionalListenerSpec defines the desired state of an +/// additional listener on an VPC load balancer. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterLoadBalancersAdditionalListenersProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMPowerVSClusterLoadBalancersBackendPools { + /// algorithm defines the load balancing algorithm to use. + pub algorithm: IBMPowerVSClusterLoadBalancersBackendPoolsAlgorithm, + /// healthMonitor defines the backend pool's health monitor. + #[serde(rename = "healthMonitor")] + pub health_monitor: IBMPowerVSClusterLoadBalancersBackendPoolsHealthMonitor, + /// name defines the name of the Backend Pool. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// protocol defines the protocol to use for the Backend Pool. + pub protocol: IBMPowerVSClusterLoadBalancersBackendPoolsProtocol, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterLoadBalancersBackendPoolsAlgorithm { + #[serde(rename = "least_connections")] + LeastConnections, + #[serde(rename = "round_robin")] + RoundRobin, + #[serde(rename = "weighted_round_robin")] + WeightedRoundRobin, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMPowerVSClusterLoadBalancersBackendPoolsHealthMonitor { + /// delay defines the seconds to wait between health checks. + pub delay: i64, + /// port defines the port to perform health monitoring on. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// retries defines the max retries for health check. 
+ pub retries: i64, + /// timeout defines the seconds to wait for a health check response. + pub timeout: i64, + /// type defines the protocol used for health checks. + #[serde(rename = "type")] + pub r#type: IBMPowerVSClusterLoadBalancersBackendPoolsHealthMonitorType, + /// urlPath defines the URL to use for health monitoring. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterLoadBalancersBackendPoolsHealthMonitorType { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterLoadBalancersBackendPoolsProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMPowerVSClusterLoadBalancersSecurityGroups { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMPowerVSClusterLoadBalancersSubnets { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// Network is the reference to the Network to use for this cluster. 
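Review bot: `IBMPowerVSClusterLoadBalancersSecurityGroups` and `IBMPowerVSClusterLoadBalancersSubnets` declare both `id` and `name` as optional and derive `Default`, so an entry that identifies no resource at all is a valid value of either type. The `security_groups` comment says the groups must already exist when the load balancer is reconciled, which suggests they are looked up by one of these two fields. An empty entry should be rejected before that lookup rather than skipped, because skipping would presumably leave the load balancer without the security group the author meant to attach. I would document it on both structs (the ClusterTemplate variants in the next file repeat them): `/// At least one of id or name must be set; an entry with neither identifies no resource.` Separately, the `subnets` comment reads "Subnets defiens here" where "defined" is meant, and the `...Protocol`, `...Algorithm` and `...HealthMonitorType` enums carry their parent struct's description instead of one of their own.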
diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs index 1ae37b5be..acdbd8e14 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs @@ -238,6 +238,9 @@ pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancers { /// AdditionalListeners sets the additional listeners for the control plane load balancer. #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalListeners")] pub additional_listeners: Option>, + /// backendPools defines the load balancer's backend pools. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendPools")] + pub backend_pools: Option>, /// id of the loadbalancer #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, 
@@ -247,14 +250,135 @@ pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancers { /// public indicates that load balancer is public or private #[serde(default, skip_serializing_if = "Option::is_none")] pub public: Option, + /// securityGroups defines the Security Groups to attach to the load balancer. + /// Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] + pub security_groups: Option>, + /// subnets defines the VPC Subnets to attach to the load balancer. + /// Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subnets: Option>, } /// AdditionalListenerSpec defines the desired state of an /// additional listener on an VPC load balancer. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancersAdditionalListeners { + /// defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultPoolName")] + pub default_pool_name: Option, /// Port sets the port for the additional listener. pub port: i64, + /// protocol defines the protocol to use for the VPC Load Balancer Listener. + /// Will default to TCP protocol if not specified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocol: Option, +} + +/// AdditionalListenerSpec defines the desired state of an +/// additional listener on an VPC load balancer. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterTemplateTemplateSpecLoadBalancersAdditionalListenersProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPools { + /// algorithm defines the load balancing algorithm to use. + pub algorithm: IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsAlgorithm, + /// healthMonitor defines the backend pool's health monitor. + #[serde(rename = "healthMonitor")] + pub health_monitor: IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsHealthMonitor, + /// name defines the name of the Backend Pool. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// protocol defines the protocol to use for the Backend Pool. + pub protocol: IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsProtocol, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsAlgorithm { + #[serde(rename = "least_connections")] + LeastConnections, + #[serde(rename = "round_robin")] + RoundRobin, + #[serde(rename = "weighted_round_robin")] + WeightedRoundRobin, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsHealthMonitor { + /// delay defines the seconds to wait between health checks. + pub delay: i64, + /// port defines the port to perform health monitoring on. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// retries defines the max retries for health check. + pub retries: i64, + /// timeout defines the seconds to wait for a health check response. + pub timeout: i64, + /// type defines the protocol used for health checks. + #[serde(rename = "type")] + pub r#type: IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsHealthMonitorType, + /// urlPath defines the URL to use for health monitoring. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsHealthMonitorType { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMPowerVSClusterTemplateTemplateSpecLoadBalancersBackendPoolsProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancersSecurityGroups { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMPowerVSClusterTemplateTemplateSpecLoadBalancersSubnets { + /// id of the resource. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// Network is the reference to the Network to use for this cluster. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs index 38b436ef8..1b2887e14 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs @@ -116,8 +116,12 @@ pub struct IBMPowerVSMachineImage { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSMachineImageRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs index 139b2d27b..395479d20 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs 
@@ -130,8 +130,12 @@ pub struct IBMPowerVSMachineTemplateTemplateSpecImage { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSMachineTemplateTemplateSpecImageRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcclusters.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcclusters.rs index bdefad3f9..dd162af8a 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcclusters.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcclusters.rs @@ -6,6 +6,7 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; 
@@ -23,8 +24,12 @@ pub struct IBMVPCClusterSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "controlPlaneEndpoint")] pub control_plane_endpoint: Option, /// ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. + /// Use this for legacy support, use Network.LoadBalancers for the extended VPC support. #[serde(default, skip_serializing_if = "Option::is_none", rename = "controlPlaneLoadBalancer")] pub control_plane_load_balancer: Option, + /// image represents the Image details used for the cluster. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// network represents the VPC network to use for the cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub network: Option, @@ -51,11 +56,15 @@ pub struct IBMVPCClusterControlPlaneEndpoint { } /// ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. +/// Use this for legacy support, use Network.LoadBalancers for the extended VPC support. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMVPCClusterControlPlaneLoadBalancer { /// AdditionalListeners sets the additional listeners for the control plane load balancer. #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalListeners")] pub additional_listeners: Option>, + /// backendPools defines the load balancer's backend pools. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendPools")] + pub backend_pools: Option>, /// id of the loadbalancer #[serde(default, skip_serializing_if = "Option::is_none")] pub id: Option, 
@@ -65,14 +74,174 @@ pub struct IBMVPCClusterControlPlaneLoadBalancer { /// public indicates that load balancer is public or private #[serde(default, skip_serializing_if = "Option::is_none")] pub public: Option, + /// securityGroups defines the Security Groups to attach to the load balancer. + /// Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] + pub security_groups: Option>, + /// subnets defines the VPC Subnets to attach to the load balancer. + /// Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subnets: Option>, } /// AdditionalListenerSpec defines the desired state of an /// additional listener on an VPC load balancer. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMVPCClusterControlPlaneLoadBalancerAdditionalListeners { + /// defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultPoolName")] + pub default_pool_name: Option, /// Port sets the port for the additional listener. pub port: i64, + /// protocol defines the protocol to use for the VPC Load Balancer Listener. + /// Will default to TCP protocol if not specified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocol: Option, +} + +/// AdditionalListenerSpec defines the desired state of an +/// additional listener on an VPC load balancer. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterControlPlaneLoadBalancerAdditionalListenersProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterControlPlaneLoadBalancerBackendPools { + /// algorithm defines the load balancing algorithm to use. + pub algorithm: IBMVPCClusterControlPlaneLoadBalancerBackendPoolsAlgorithm, + /// healthMonitor defines the backend pool's health monitor. + #[serde(rename = "healthMonitor")] + pub health_monitor: IBMVPCClusterControlPlaneLoadBalancerBackendPoolsHealthMonitor, + /// name defines the name of the Backend Pool. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// protocol defines the protocol to use for the Backend Pool. + pub protocol: IBMVPCClusterControlPlaneLoadBalancerBackendPoolsProtocol, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterControlPlaneLoadBalancerBackendPoolsAlgorithm { + #[serde(rename = "least_connections")] + LeastConnections, + #[serde(rename = "round_robin")] + RoundRobin, + #[serde(rename = "weighted_round_robin")] + WeightedRoundRobin, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterControlPlaneLoadBalancerBackendPoolsHealthMonitor { + /// delay defines the seconds to wait between health checks. + pub delay: i64, + /// port defines the port to perform health monitoring on. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// retries defines the max retries for health check. + pub retries: i64, + /// timeout defines the seconds to wait for a health check response. + pub timeout: i64, + /// type defines the protocol used for health checks. + #[serde(rename = "type")] + pub r#type: IBMVPCClusterControlPlaneLoadBalancerBackendPoolsHealthMonitorType, + /// urlPath defines the URL to use for health monitoring. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterControlPlaneLoadBalancerBackendPoolsHealthMonitorType { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterControlPlaneLoadBalancerBackendPoolsProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterControlPlaneLoadBalancerSecurityGroups { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterControlPlaneLoadBalancerSubnets { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// image represents the Image details used for the cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterImage { + /// cosBucket is the name of the IBM Cloud COS Bucket containing the source of the image, if necessary. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosBucket")] + pub cos_bucket: Option, + /// cosBucketRegion is the COS region the bucket is in. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosBucketRegion")] + pub cos_bucket_region: Option, + /// cosInstance is the name of the IBM Cloud COS Instance containing the source of the image, if necessary. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosInstance")] + pub cos_instance: Option, + /// cosObject is the name of a IBM Cloud COS Object used as the source of the image, if necessary. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosObject")] + pub cos_object: Option, + /// crn is the IBM Cloud CRN of the existing VPC Custom Image. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub crn: Option, + /// name is the name of the desired VPC Custom Image. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// operatingSystem is the Custom Image's Operating System name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "operatingSystem")] + pub operating_system: Option, + /// resourceGroup is the Resource Group to create the Custom Image in. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceGroup")] + pub resource_group: Option, +} + +/// resourceGroup is the Resource Group to create the Custom Image in. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterImageResourceGroup { + /// id defines the IBM Cloud Resource ID. 
+ pub id: String, + /// name defines the IBM Cloud Resource Name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// network represents the VPC network to use for the cluster. @@ -81,10 +250,16 @@ pub struct IBMVPCClusterNetwork { /// controlPlaneSubnets is a set of Subnet's which define the Control Plane subnets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "controlPlaneSubnets")] pub control_plane_subnets: Option>, - /// resourceGroup is the name of the Resource Group containing all of the newtork resources. + /// loadBalancers is a set of VPC Load Balancer definitions to use for the cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancers")] + pub load_balancers: Option>, + /// resourceGroup is the Resource Group containing all of the newtork resources. /// This can be different than the Resource Group containing the remaining cluster resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceGroup")] - pub resource_group: Option, + pub resource_group: Option, + /// securityGroups is a set of VPCSecurityGroup's which define the VPC Security Groups that manage traffic within and out of the VPC. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] + pub security_groups: Option>, /// vpc defines the IBM Cloud VPC for extended VPC Infrastructure support. #[serde(default, skip_serializing_if = "Option::is_none")] pub vpc: Option, 
@@ -106,6 +281,387 @@ pub struct IBMVPCClusterNetworkControlPlaneSubnets { pub zone: Option, } +/// VPCLoadBalancerSpec defines the desired state of an VPC load balancer. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkLoadBalancers { + /// AdditionalListeners sets the additional listeners for the control plane load balancer. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalListeners")] + pub additional_listeners: Option>, + /// backendPools defines the load balancer's backend pools. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendPools")] + pub backend_pools: Option>, + /// id of the loadbalancer + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// Name sets the name of the VPC load balancer. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// public indicates that load balancer is public or private + #[serde(default, skip_serializing_if = "Option::is_none")] + pub public: Option, + /// securityGroups defines the Security Groups to attach to the load balancer. + /// Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] + pub security_groups: Option>, + /// subnets defines the VPC Subnets to attach to the load balancer. + /// Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subnets: Option>, +} + +/// AdditionalListenerSpec defines the desired state of an +/// additional listener on an VPC load balancer. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkLoadBalancersAdditionalListeners { + /// defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultPoolName")] + pub default_pool_name: Option, + /// Port sets the port for the additional listener. + pub port: i64, + /// protocol defines the protocol to use for the VPC Load Balancer Listener. + /// Will default to TCP protocol if not specified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocol: Option, +} + +/// AdditionalListenerSpec defines the desired state of an +/// additional listener on an VPC load balancer. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkLoadBalancersAdditionalListenersProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkLoadBalancersBackendPools { + /// algorithm defines the load balancing algorithm to use. + pub algorithm: IBMVPCClusterNetworkLoadBalancersBackendPoolsAlgorithm, + /// healthMonitor defines the backend pool's health monitor. + #[serde(rename = "healthMonitor")] + pub health_monitor: IBMVPCClusterNetworkLoadBalancersBackendPoolsHealthMonitor, + /// name defines the name of the Backend Pool. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// protocol defines the protocol to use for the Backend Pool. + pub protocol: IBMVPCClusterNetworkLoadBalancersBackendPoolsProtocol, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkLoadBalancersBackendPoolsAlgorithm { + #[serde(rename = "least_connections")] + LeastConnections, + #[serde(rename = "round_robin")] + RoundRobin, + #[serde(rename = "weighted_round_robin")] + WeightedRoundRobin, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkLoadBalancersBackendPoolsHealthMonitor { + /// delay defines the seconds to wait between health checks. + pub delay: i64, + /// port defines the port to perform health monitoring on. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// retries defines the max retries for health check. + pub retries: i64, + /// timeout defines the seconds to wait for a health check response. + pub timeout: i64, + /// type defines the protocol used for health checks. + #[serde(rename = "type")] + pub r#type: IBMVPCClusterNetworkLoadBalancersBackendPoolsHealthMonitorType, + /// urlPath defines the URL to use for health monitoring. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// healthMonitor defines the backend pool's health monitor. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkLoadBalancersBackendPoolsHealthMonitorType { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, +} + +/// VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkLoadBalancersBackendPoolsProtocol { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCResource represents a VPC resource. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkLoadBalancersSecurityGroups { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// VPCResource represents a VPC resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkLoadBalancersSubnets { + /// id of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// resourceGroup is the Resource Group containing all of the newtork resources. +/// This can be different than the Resource Group containing the remaining cluster resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkResourceGroup { + /// id defines the IBM Cloud Resource ID. + pub id: String, + /// name defines the IBM Cloud Resource Name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// VPCSecurityGroup defines a VPC Security Group that should exist or be created within the specified VPC, with the specified Security Group Rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroups { + /// id of the Security Group. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name of the Security Group. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// rules are the Security Group Rules for the Security Group. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option>, + /// tags are tags to add to the Security Group. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub tags: Option>, +} + +/// VPCSecurityGroupRule defines a VPC Security Group Rule for a specified Security Group. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRules { + /// action defines whether to allow or deny traffic defined by the Security Group Rule. + pub action: IBMVPCClusterNetworkSecurityGroupsRulesAction, + /// destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. + /// Only used when direction is VPCSecurityGroupRuleDirectionOutbound. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub destination: Option, + /// direction defines whether the traffic is inbound or outbound for the Security Group Rule. + pub direction: IBMVPCClusterNetworkSecurityGroupsRulesDirection, + /// securityGroupID is the ID of the Security Group for the Security Group Rule. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroupID")] + pub security_group_id: Option, + /// source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. + /// Only used when direction is VPCSecurityGroupRuleDirectionInbound. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, +} + +/// VPCSecurityGroupRule defines a VPC Security Group Rule for a specified Security Group. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkSecurityGroupsRulesAction { + #[serde(rename = "allow")] + Allow, + #[serde(rename = "deny")] + Deny, +} + +/// destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. +/// Only used when direction is VPCSecurityGroupRuleDirectionOutbound. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRulesDestination { + /// icmpCode is the ICMP code for the Rule. + /// Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpCode")] + pub icmp_code: Option, + /// icmpType is the ICMP type for the Rule. + /// Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpType")] + pub icmp_type: Option, + /// portRange is a range of ports allowed for the Rule's remote. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] + pub port_range: Option, + /// protocol defines the traffic protocol used for the Security Group Rule. + pub protocol: IBMVPCClusterNetworkSecurityGroupsRulesDestinationProtocol, + /// remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + /// Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. + /// This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. + pub remotes: Vec, +} + +/// portRange is a range of ports allowed for the Rule's remote. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRulesDestinationPortRange { + /// maximumPort is the inclusive upper range of ports. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maximumPort")] + pub maximum_port: Option, + /// minimumPort is the inclusive lower range of ports. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minimumPort")] + pub minimum_port: Option, +} + +/// destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. 
+/// Only used when direction is VPCSecurityGroupRuleDirectionOutbound. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkSecurityGroupsRulesDestinationProtocol { + #[serde(rename = "all")] + All, + #[serde(rename = "icmp")] + Icmp, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. +/// The type of remote defines the additional remote details where are used for defining the remote. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRulesDestinationRemotes { + /// address is the address to use for the remote's destination/source. + /// Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub address: Option, + /// cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. + /// Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrSubnetName")] + pub cidr_subnet_name: Option, + /// remoteType defines the type of filter to define for the remote's destination/source. + #[serde(rename = "remoteType")] + pub remote_type: IBMVPCClusterNetworkSecurityGroupsRulesDestinationRemotesRemoteType, + /// securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. + /// Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroupName")] + pub security_group_name: Option, +} + +/// VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. +/// The type of remote defines the additional remote details where are used for defining the remote. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkSecurityGroupsRulesDestinationRemotesRemoteType { + #[serde(rename = "any")] + Any, + #[serde(rename = "cidr")] + Cidr, + #[serde(rename = "address")] + Address, + #[serde(rename = "sg")] + Sg, +} + +/// VPCSecurityGroupRule defines a VPC Security Group Rule for a specified Security Group. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkSecurityGroupsRulesDirection { + #[serde(rename = "inbound")] + Inbound, + #[serde(rename = "outbound")] + Outbound, +} + +/// source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. +/// Only used when direction is VPCSecurityGroupRuleDirectionInbound. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRulesSource { + /// icmpCode is the ICMP code for the Rule. + /// Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpCode")] + pub icmp_code: Option, + /// icmpType is the ICMP type for the Rule. + /// Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpType")] + pub icmp_type: Option, + /// portRange is a range of ports allowed for the Rule's remote. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] + pub port_range: Option, + /// protocol defines the traffic protocol used for the Security Group Rule. + pub protocol: IBMVPCClusterNetworkSecurityGroupsRulesSourceProtocol, + /// remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + /// Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. 
+ /// This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. + pub remotes: Vec, +} + +/// portRange is a range of ports allowed for the Rule's remote. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRulesSourcePortRange { + /// maximumPort is the inclusive upper range of ports. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maximumPort")] + pub maximum_port: Option, + /// minimumPort is the inclusive lower range of ports. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minimumPort")] + pub minimum_port: Option, +} + +/// source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. +/// Only used when direction is VPCSecurityGroupRuleDirectionInbound. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkSecurityGroupsRulesSourceProtocol { + #[serde(rename = "all")] + All, + #[serde(rename = "icmp")] + Icmp, + #[serde(rename = "tcp")] + Tcp, + #[serde(rename = "udp")] + Udp, +} + +/// VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. +/// The type of remote defines the additional remote details where are used for defining the remote. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct IBMVPCClusterNetworkSecurityGroupsRulesSourceRemotes { + /// address is the address to use for the remote's destination/source. + /// Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub address: Option, + /// cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. + /// Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrSubnetName")] + pub cidr_subnet_name: Option, + /// remoteType defines the type of filter to define for the remote's destination/source. + #[serde(rename = "remoteType")] + pub remote_type: IBMVPCClusterNetworkSecurityGroupsRulesSourceRemotesRemoteType, + /// securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. + /// Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroupName")] + pub security_group_name: Option, +} + +/// VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. +/// The type of remote defines the additional remote details where are used for defining the remote. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum IBMVPCClusterNetworkSecurityGroupsRulesSourceRemotesRemoteType { + #[serde(rename = "any")] + Any, + #[serde(rename = "cidr")] + Cidr, + #[serde(rename = "address")] + Address, + #[serde(rename = "sg")] + Sg, +} + /// vpc defines the IBM Cloud VPC for extended VPC Infrastructure support. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMVPCClusterNetworkVpc { @@ -139,6 +695,9 @@ pub struct IBMVPCClusterStatus { /// ControlPlaneLoadBalancerState is the status of the load balancer. #[serde(default, skip_serializing_if = "Option::is_none", rename = "controlPlaneLoadBalancerState")] pub control_plane_load_balancer_state: Option, + /// image is the status of the VPC Custom Image. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// network is the status of the VPC network resources for extended VPC Infrastructure support. #[serde(default, skip_serializing_if = "Option::is_none")] pub network: Option, 
@@ -151,7 +710,6 @@ pub struct IBMVPCClusterStatus { /// Subnet describes a subnet. #[serde(default, skip_serializing_if = "Option::is_none")] pub subnet: Option, - /// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster /// Important: Run "make" to regenerate code after modifying this file /// dep: rely on Network instead. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -161,16 +719,96 @@ pub struct IBMVPCClusterStatus { pub vpc_endpoint: Option, } +/// image is the status of the VPC Custom Image. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterStatusImage { + /// id defines the Id of the IBM Cloud resource status. + pub id: String, + /// name defines the name of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// ready defines whether the IBM Cloud resource is ready. + pub ready: bool, +} + /// network is the status of the VPC network resources for extended VPC Infrastructure support. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMVPCClusterStatusNetwork { + /// controlPlaneSubnets references the VPC Subnets for the cluster's Control Plane. + /// The map simplifies lookups. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "controlPlaneSubnets")] + pub control_plane_subnets: Option>, + /// loadBalancers references the VPC Load Balancer's for the cluster. + /// The map simplifies lookups. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancers")] + pub load_balancers: Option>, + /// publicGateways references the VPC Public Gateways for the cluster. + /// The map simplifies lookups. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "publicGateways")] + pub public_gateways: Option>, /// resourceGroup references the Resource Group for Network resources for the cluster. /// This can be the same or unique from the cluster's Resource Group. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceGroup")] pub resource_group: Option, + /// securityGroups references the VPC Security Groups for the cluster. + /// The map simplifies lookups. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] + pub security_groups: Option>, /// vpc references the status of the IBM Cloud VPC as part of the extended VPC Infrastructure support. #[serde(default, skip_serializing_if = "Option::is_none")] pub vpc: Option, + /// workerSubnets references the VPC Subnets for the cluster's Data Plane. + /// The map simplifies lookups. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workerSubnets")] + pub worker_subnets: Option>, +} + +/// controlPlaneSubnets references the VPC Subnets for the cluster's Control Plane. +/// The map simplifies lookups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterStatusNetworkControlPlaneSubnets { + /// id defines the Id of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name defines the name of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// ready defines whether the IBM Cloud resource is ready. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, +} + +/// loadBalancers references the VPC Load Balancer's for the cluster. +/// The map simplifies lookups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterStatusNetworkLoadBalancers { + /// controllerCreated indicates whether the resource is created by the controller. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "controllerCreated")] + pub controller_created: Option, + /// hostname is the hostname of load balancer. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostname: Option, + /// id of VPC load balancer. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// State is the status of the load balancer. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub state: Option, +} + +/// publicGateways references the VPC Public Gateways for the cluster. +/// The map simplifies lookups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterStatusNetworkPublicGateways { + /// id defines the Id of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name defines the name of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// ready defines whether the IBM Cloud resource is ready. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, } /// resourceGroup references the Resource Group for Network resources for the cluster. @@ -186,6 +824,21 @@ pub struct IBMVPCClusterStatusNetworkResourceGroup { pub ready: bool, } +/// securityGroups references the VPC Security Groups for the cluster. +/// The map simplifies lookups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterStatusNetworkSecurityGroups { + /// id defines the Id of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name defines the name of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// ready defines whether the IBM Cloud resource is ready. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, +} + /// vpc references the status of the IBM Cloud VPC as part of the extended VPC Infrastructure support. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMVPCClusterStatusNetworkVpc { 
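Review bot: In the `@@ -161,16 +719,96 @@` hunk, `IBMVPCClusterStatusNetworkControlPlaneSubnets` and `IBMVPCClusterStatusNetworkPublicGateways` declare `ready` as an optional field, while `IBMVPCClusterStatusImage` in the same hunk uses a required `bool`, and no comment says how an absent value is to be read. Code that gates on readiness should treat a missing `ready` as not ready; a field comment such as `/// Absent means readiness has not been reported; treat it as not ready.` would make that explicit, once the intended meaning is confirmed. The same applies to `IBMVPCClusterStatusNetworkSecurityGroups` and `IBMVPCClusterStatusNetworkWorkerSubnets` in the two following hunks. If these bindings are generated from the CRD, the wording belongs in the schema description upstream.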
@@ -198,6 +851,21 @@ pub struct IBMVPCClusterStatusNetworkVpc { pub ready: bool, } +/// workerSubnets references the VPC Subnets for the cluster's Data Plane. +/// The map simplifies lookups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IBMVPCClusterStatusNetworkWorkerSubnets { + /// id defines the Id of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + /// name defines the name of the IBM Cloud resource status. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// ready defines whether the IBM Cloud resource is ready. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, +} + /// resourceGroup is the status of the cluster's Resource Group for extended VPC Infrastructure support. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMVPCClusterStatusResourceGroup { @@ -223,7 +891,6 @@ pub struct IBMVPCClusterStatusSubnet { pub zone: Option, } -/// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster /// Important: Run "make" to regenerate code after modifying this file /// dep: rely on Network instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs index 11441b7fe..7028a3f67 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/backups.rs 
@@ -33,6 +33,7 @@ pub struct BackupSpec { /// Databases defines the logical databases to be backed up. If not provided, all databases are backed up. #[serde(default, skip_serializing_if = "Option::is_none")] pub databases: Option>, + /// FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failedJobsHistoryLimit")] pub failed_jobs_history_limit: Option, /// IgnoreGlobalPriv indicates to ignore the mysql.global_priv in backups. @@ -85,8 +86,10 @@ pub struct BackupSpec { pub service_account_name: Option, /// Storage to be used in the Backup. pub storage: BackupStorage, + /// SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successfulJobsHistoryLimit")] pub successful_jobs_history_limit: Option, + /// TimeZone defines the timezone associated with the cron expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeZone")] pub time_zone: Option, /// Tolerations to be used in the Pod. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs index 428f5f156..9eeeed594 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/mariadbs.rs 
@@ -6165,9 +6165,9 @@ pub struct MariaDBGaleraRecovery { /// Job defines a Job that co-operates with mariadb-operator by performing the Galera cluster recovery . #[serde(default, skip_serializing_if = "Option::is_none")] pub job: Option, - /// MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (3) or a percentage (50%). + /// MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%). /// If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated. - /// It defaults to '50%' of the replicas specified by the MariaDB object. + /// It defaults to '1' replica. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minClusterSize")] pub min_cluster_size: Option, /// PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery. diff --git a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs index d0902d069..b028a1070 100644 --- a/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs +++ b/kube-custom-resources-rs/src/k8s_mariadb_com/v1alpha1/sqljobs.rs @@ -36,6 +36,7 @@ pub struct SqlJobSpec { /// DependsOn defines dependencies with other SqlJob objectecs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dependsOn")] pub depends_on: Option>, + /// FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failedJobsHistoryLimit")] pub failed_jobs_history_limit: Option, /// ImagePullSecrets is the list of pull Secrets to be used to pull the image. 
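Review bot: The rewritten `min_cluster_size` comment in `MariaDBGaleraRecovery` (mariadbs.rs) records a default that moved from '50%' to '1' replica, but does not say what that means for callers that leave the field unset. Read together with the unchanged second sentence, the new default would start a recovery only when Galera reports no replicas at all, which is a much weaker health threshold than a percentage of the cluster. I would add a line such as `/// Set this explicitly to keep a percentage-based threshold; the default no longer scales with the replica count.` and correct the spelling `iniated` to `initiated` in the same comment. The struct starts and ends outside the hunk.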
@@ -84,8 +85,10 @@ pub struct SqlJobSpec { /// It is defaulted to a ConfigMap with the contents of the Sql field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sqlConfigMapKeyRef")] pub sql_config_map_key_ref: Option, + /// SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "successfulJobsHistoryLimit")] pub successful_jobs_history_limit: Option, + /// TimeZone defines the timezone associated with the cron expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeZone")] pub time_zone: Option, /// Tolerations to be used in the Pod. diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1alpha1/kafkausers.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1alpha1/kafkausers.rs index d8e828609..650abc4aa 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1alpha1/kafkausers.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1alpha1/kafkausers.rs @@ -122,7 +122,7 @@ pub struct KafkaUserAuthorizationAcls { /// Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. #[serde(default, skip_serializing_if = "Option::is_none")] pub operation: Option, - /// List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. + /// List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. #[serde(default, skip_serializing_if = "Option::is_none")] pub operations: Option>, /// Indicates the resource for which given ACL rule applies. 
diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta1/kafkausers.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta1/kafkausers.rs index bd3a520a4..4e69eebdd 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta1/kafkausers.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta1/kafkausers.rs @@ -122,7 +122,7 @@ pub struct KafkaUserAuthorizationAcls { /// Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. #[serde(default, skip_serializing_if = "Option::is_none")] pub operation: Option, - /// List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. + /// List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. #[serde(default, skip_serializing_if = "Option::is_none")] pub operations: Option>, /// Indicates the resource for which given ACL rule applies. diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkabridges.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkabridges.rs index 51b38db85..0f12e35b4 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkabridges.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkabridges.rs 
@@ -97,12 +97,24 @@ pub struct KafkaBridgeAuthentication { /// Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenIsJwt")] pub access_token_is_jwt: Option, + /// Path to the token file containing an access token to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenLocation")] + pub access_token_location: Option, /// OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, /// Reference to the `Secret` which holds the certificate and private key pair. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateAndKey")] pub certificate_and_key: Option, + /// Link to Kubernetes secret containing the client assertion which was manually configured for the client. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertion")] + pub client_assertion: Option, + /// Path to the file containing the client assertion to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionLocation")] + pub client_assertion_location: Option, + /// The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionType")] + pub client_assertion_type: Option, /// OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientId")] pub client_id: Option, @@ -139,6 +151,9 @@ pub struct KafkaBridgeAuthentication { /// Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshToken")] pub refresh_token: Option, + /// SASL extensions parameters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "saslExtensions")] + pub sasl_extensions: Option>, /// OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub scope: Option, 
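Review bot: `client_assertion` and `client_assertion_location` in `KafkaBridgeAuthentication` are independent optional fields, so a spec can carry both a Secret reference and a file path, and the comments do not say which source is used in that case; `access_token_location` raises the same question next to the struct's other token options. A sentence on each, for example `/// Alternative to clientAssertion; set only one of the two.`, would let callers validate the combination before applying the resource, assuming the operator treats them as alternatives, which the hunk does not show. Because the two location fields point at files that hold bearer credentials, the comment could also state that the file is expected to come from a mounted volume that only the bridge container can read. The struct starts and ends outside the hunk.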
@@ -178,6 +193,16 @@ pub struct KafkaBridgeAuthenticationCertificateAndKey { pub secret_name: String, } +/// Link to Kubernetes secret containing the client assertion which was manually configured for the client. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeAuthenticationClientAssertion { + /// The key under which the secret value is stored in the Kubernetes Secret. + pub key: String, + /// The name of the Kubernetes Secret containing the secret value. + #[serde(rename = "secretName")] + pub secret_name: String, +} + /// Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaBridgeAuthenticationClientSecret { @@ -242,7 +267,7 @@ pub struct KafkaBridgeConsumer { /// The Kafka consumer configuration used for consumer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). #[serde(default, skip_serializing_if = "Option::is_none")] pub config: Option>, - /// Whether the HTTP consumer should be enabled or disabled, default is enabled. + /// Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`). #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// The timeout in seconds for deleting inactive consumers, default is -1 (disabled). 
@@ -370,7 +395,7 @@ pub struct KafkaBridgeProducer { /// The Kafka producer configuration used for producer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). #[serde(default, skip_serializing_if = "Option::is_none")] pub config: Option>, - /// Whether the HTTP producer should be enabled or disabled, default is enabled. + /// Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`). #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, } @@ -491,6 +516,9 @@ pub struct KafkaBridgeTemplateBridgeContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -580,6 +608,24 @@ pub struct KafkaBridgeTemplateBridgeContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplateBridgeContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for the Kafka Bridge ClusterRoleBinding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaBridgeTemplateClusterRoleBinding { @@ -637,6 +683,9 @@ pub struct KafkaBridgeTemplateInitContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
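Review bot: `KafkaBridgeTemplateBridgeContainerVolumeMounts` is added without a single doc comment, although `read_only`, `recursive_read_only`, `mount_propagation` and `sub_path_expr` decide how much of a volume the container can see and change. Each field should get a one-line description, e.g. `/// Mounts the volume read-only when true.` on `read_only`, and the comments on `name` and `mount_path` should mark them as required, since Kubernetes rejects a volume mount without them even though the type makes them optional. The identical struct `KafkaBridgeTemplateInitContainerVolumeMounts` in the `@@ -726,6 +775,24 @@` hunk needs the same comments. Since the pod template in this commit also gains Secret-backed volumes, the `volume_mounts` field comment is a good place to recommend read-only mounts for them.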
@@ -726,6 +775,24 @@ pub struct KafkaBridgeTemplateInitContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplateInitContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Kafka Bridge `Pods`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaBridgeTemplatePod { 
@@ -756,7 +823,7 @@ pub struct KafkaBridgeTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -765,6 +832,9 @@ pub struct KafkaBridgeTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -1248,6 +1318,97 @@ pub struct KafkaBridgeTemplatePodTopologySpreadConstraintsLabelSelectorMatchExpr pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaBridgeTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for Kafka Bridge `PodDisruptionBudget`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaBridgeTemplatePodDisruptionBudget { diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkaconnects.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkaconnects.rs index a9c1fb68f..ee2eb1843 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkaconnects.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkaconnects.rs 
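Review bot: In `KafkaBridgeTemplatePodVolumes` the `name` field is documented as "Required." but is declared optional with `#[serde(default, skip_serializing_if = "Option::is_none")]`, so a volume entry without a name still deserializes. The four sources (`config_map`, `empty_dir`, `persistent_volume_claim`, `secret`) are likewise independent optional fields, so the type accepts an entry with none or several of them set. Code that builds pod templates from this struct has to validate both, and the comment should say so, for example `/// Name to use for the volume. Required by the API, but not enforced by this type.` The `default_mode` and per-item `mode` fields of the secret and config-map structs are undocumented as well; a line stating that they set the permission bits of the projected files would help anyone mounting credentials this way. The same structs recur as `KafkaConnectTemplateBuildPodVolumes` and `KafkaConnectTemplatePodVolumes` in the later hunks.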
@@ -69,7 +69,7 @@ pub struct KafkaConnectSpec { /// The maximum limits for CPU and memory resources and the requested initial resources. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. + /// Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. #[serde(default, skip_serializing_if = "Option::is_none")] pub template: Option, /// TLS configuration. 
@@ -92,12 +92,24 @@ pub struct KafkaConnectAuthentication { /// Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenIsJwt")] pub access_token_is_jwt: Option, + /// Path to the token file containing an access token to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenLocation")] + pub access_token_location: Option, /// OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, /// Reference to the `Secret` which holds the certificate and private key pair. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateAndKey")] pub certificate_and_key: Option, + /// Link to Kubernetes secret containing the client assertion which was manually configured for the client. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertion")] + pub client_assertion: Option, + /// Path to the file containing the client assertion to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionLocation")] + pub client_assertion_location: Option, + /// The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionType")] + pub client_assertion_type: Option, /// OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientId")] pub client_id: Option, @@ -134,6 +146,9 @@ pub struct KafkaConnectAuthentication { /// Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshToken")] pub refresh_token: Option, + /// SASL extensions parameters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "saslExtensions")] + pub sasl_extensions: Option>, /// OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub scope: Option, 
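Review bot: The comments on the new `access_token_location` and `client_assertion_location` fields in `KafkaConnectAuthentication` say only "Path to the ... file", without stating where the path is resolved or how the file is expected to get there. Presumably it is a path inside the container, so the comment could read `/// Path inside the container to the file holding the access token, typically supplied through a read-only Secret or projected volume mount.` `client_assertion` and `client_assertion_location` are both optional, and nothing in the type or the comments says which one applies when both are set; that precedence is worth one sentence too. The struct body starts and continues outside this hunk. The same fields are added to the consumer and producer authentication structs in the `kafkamirrormakers.rs` hunks.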
@@ -173,6 +188,16 @@ pub struct KafkaConnectAuthenticationCertificateAndKey { pub secret_name: String, } +/// Link to Kubernetes secret containing the client assertion which was manually configured for the client. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectAuthenticationClientAssertion { + /// The key under which the secret value is stored in the Kubernetes Secret. + pub key: String, + /// The name of the Kubernetes Secret containing the secret value. + #[serde(rename = "secretName")] + pub secret_name: String, +} + /// Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectAuthenticationClientSecret { @@ -646,7 +671,7 @@ pub struct KafkaConnectResourcesClaims { pub name: Option, } -/// Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. +/// Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectTemplate { /// Template for Kafka Connect API `Service`. @@ -760,6 +785,9 @@ pub struct KafkaConnectTemplateBuildContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -849,6 +877,24 @@ pub struct KafkaConnectTemplateBuildContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectTemplateBuildPod { 
@@ -879,7 +925,7 @@ pub struct KafkaConnectTemplateBuildPod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -888,6 +934,9 @@ pub struct KafkaConnectTemplateBuildPod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -1371,6 +1420,97 @@ pub struct KafkaConnectTemplateBuildPodTopologySpreadConstraintsLabelSelectorMat pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateBuildPodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for the Kafka Connect Build service account. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectTemplateBuildServiceAccount { @@ -1418,6 +1558,9 @@ pub struct KafkaConnectTemplateConnectContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -1507,6 +1650,24 @@ pub struct KafkaConnectTemplateConnectContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateConnectContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Kafka Connect `Deployment`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectTemplateDeployment { @@ -1578,6 +1739,9 @@ pub struct KafkaConnectTemplateInitContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -1667,6 +1831,24 @@ pub struct KafkaConnectTemplateInitContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplateInitContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Secret of the Kafka Connect Cluster JMX authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectTemplateJmxSecret { 
@@ -1716,7 +1898,7 @@ pub struct KafkaConnectTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -1725,6 +1907,9 @@ pub struct KafkaConnectTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -2208,6 +2393,97 @@ pub struct KafkaConnectTemplatePodTopologySpreadConstraintsLabelSelectorMatchExp pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaConnectTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for Kafka Connect `PodDisruptionBudget`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaConnectTemplatePodDisruptionBudget { diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkamirrormakers.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkamirrormakers.rs index 1e6f8ffda..5cf4d3ec3 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkamirrormakers.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkamirrormakers.rs 
@@ -100,12 +100,24 @@ pub struct KafkaMirrorMakerConsumerAuthentication { /// Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenIsJwt")] pub access_token_is_jwt: Option, + /// Path to the token file containing an access token to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenLocation")] + pub access_token_location: Option, /// OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, /// Reference to the `Secret` which holds the certificate and private key pair. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateAndKey")] pub certificate_and_key: Option, + /// Link to Kubernetes secret containing the client assertion which was manually configured for the client. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertion")] + pub client_assertion: Option, + /// Path to the file containing the client assertion to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionLocation")] + pub client_assertion_location: Option, + /// The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionType")] + pub client_assertion_type: Option, /// OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientId")] pub client_id: Option, @@ -142,6 +154,9 @@ pub struct KafkaMirrorMakerConsumerAuthentication { /// Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshToken")] pub refresh_token: Option, + /// SASL extensions parameters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "saslExtensions")] + pub sasl_extensions: Option>, /// OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub scope: Option, 
@@ -181,6 +196,16 @@ pub struct KafkaMirrorMakerConsumerAuthenticationCertificateAndKey { pub secret_name: String, } +/// Link to Kubernetes secret containing the client assertion which was manually configured for the client. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerConsumerAuthenticationClientAssertion { + /// The key under which the secret value is stored in the Kubernetes Secret. + pub key: String, + /// The name of the Kubernetes Secret containing the secret value. + #[serde(rename = "secretName")] + pub secret_name: String, +} + /// Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaMirrorMakerConsumerAuthenticationClientSecret { 
@@ -418,12 +443,24 @@ pub struct KafkaMirrorMakerProducerAuthentication { /// Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenIsJwt")] pub access_token_is_jwt: Option, + /// Path to the token file containing an access token to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTokenLocation")] + pub access_token_location: Option, /// OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, /// Reference to the `Secret` which holds the certificate and private key pair. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateAndKey")] pub certificate_and_key: Option, + /// Link to Kubernetes secret containing the client assertion which was manually configured for the client. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertion")] + pub client_assertion: Option, + /// Path to the file containing the client assertion to be used for authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionLocation")] + pub client_assertion_location: Option, + /// The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientAssertionType")] + pub client_assertion_type: Option, /// OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientId")] pub client_id: Option, @@ -460,6 +497,9 @@ pub struct KafkaMirrorMakerProducerAuthentication { /// Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshToken")] pub refresh_token: Option, + /// SASL extensions parameters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "saslExtensions")] + pub sasl_extensions: Option>, /// OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. #[serde(default, skip_serializing_if = "Option::is_none")] pub scope: Option, 
@@ -499,6 +539,16 @@ pub struct KafkaMirrorMakerProducerAuthenticationCertificateAndKey { pub secret_name: String, } +/// Link to Kubernetes secret containing the client assertion which was manually configured for the client. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerProducerAuthenticationClientAssertion { + /// The key under which the secret value is stored in the Kubernetes Secret. + pub key: String, + /// The name of the Kubernetes Secret containing the secret value. + #[serde(rename = "secretName")] + pub secret_name: String, +} + /// Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaMirrorMakerProducerAuthenticationClientSecret { @@ -673,6 +723,9 @@ pub struct KafkaMirrorMakerTemplateMirrorMakerContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -762,6 +815,24 @@ pub struct KafkaMirrorMakerTemplateMirrorMakerContainerSecurityContextWindowsOpt pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplateMirrorMakerContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Kafka MirrorMaker `Pods`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaMirrorMakerTemplatePod { 
@@ -792,7 +863,7 @@ pub struct KafkaMirrorMakerTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -801,6 +872,9 @@ pub struct KafkaMirrorMakerTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -1284,6 +1358,97 @@ pub struct KafkaMirrorMakerTemplatePodTopologySpreadConstraintsLabelSelectorMatc pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaMirrorMakerTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for Kafka MirrorMaker `PodDisruptionBudget`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaMirrorMakerTemplatePodDisruptionBudget { diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkas.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkas.rs index bea7a7733..69617b61f 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkas.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkas.rs 
@@ -110,6 +110,9 @@ pub enum KafkaClusterCaCertificateExpirationPolicy { /// Configuration for Cruise Control deployment. Deploys a Cruise Control instance when specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaCruiseControl { + /// Configuration of the Cruise Control REST API users. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiUsers")] + pub api_users: Option, /// The Cruise Control `brokerCapacity` configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "brokerCapacity")] pub broker_capacity: Option, 
@@ -145,6 +148,43 @@ pub struct KafkaCruiseControl { pub tls_sidecar: Option, } +/// Configuration of the Cruise Control REST API users. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct KafkaCruiseControlApiUsers { + /// Type of the Cruise Control API users configuration. Supported format is: `hashLoginService`. + #[serde(rename = "type")] + pub r#type: KafkaCruiseControlApiUsersType, + /// Secret from which the custom Cruise Control API authentication credentials are read. + #[serde(rename = "valueFrom")] + pub value_from: KafkaCruiseControlApiUsersValueFrom, +} + +/// Configuration of the Cruise Control REST API users. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum KafkaCruiseControlApiUsersType { + #[serde(rename = "hashLoginService")] + HashLoginService, +} + +/// Secret from which the custom Cruise Control API authentication credentials are read. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlApiUsersValueFrom { + /// Selects a key of a Secret in the resource's namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a Secret in the resource's namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlApiUsersValueFromSecretKeyRef { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// The Cruise Control `brokerCapacity` configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaCruiseControlBrokerCapacity { 
@@ -417,6 +457,9 @@ pub struct KafkaCruiseControlTemplateCruiseControlContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -506,6 +549,24 @@ pub struct KafkaCruiseControlTemplateCruiseControlContainerSecurityContextWindow pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplateCruiseControlContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Cruise Control `Deployment`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaCruiseControlTemplateDeployment { 
@@ -565,7 +626,7 @@ pub struct KafkaCruiseControlTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -574,6 +635,9 @@ pub struct KafkaCruiseControlTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -1057,6 +1121,97 @@ pub struct KafkaCruiseControlTemplatePodTopologySpreadConstraintsLabelSelectorMa pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for Cruise Control `PodDisruptionBudget`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaCruiseControlTemplatePodDisruptionBudget { @@ -1107,6 +1262,9 @@ pub struct KafkaCruiseControlTemplateTlsSidecarContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -1196,6 +1354,24 @@ pub struct KafkaCruiseControlTemplateTlsSidecarContainerSecurityContextWindowsOp pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaCruiseControlTemplateTlsSidecarContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// TLS sidecar configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaCruiseControlTlsSidecar { 
@@ -1421,7 +1597,7 @@ pub struct KafkaEntityOperatorTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -1430,6 +1606,9 @@ pub struct KafkaEntityOperatorTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -1913,6 +2092,97 @@ pub struct KafkaEntityOperatorTemplatePodTopologySpreadConstraintsLabelSelectorM pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for the Entity Operator service account. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaEntityOperatorTemplateServiceAccount { @@ -1941,6 +2211,9 @@ pub struct KafkaEntityOperatorTemplateTlsSidecarContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2030,6 +2303,24 @@ pub struct KafkaEntityOperatorTemplateTlsSidecarContainerSecurityContextWindowsO pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplateTlsSidecarContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for the Entity Topic Operator container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaEntityOperatorTemplateTopicOperatorContainer { @@ -2039,6 +2330,9 @@ pub struct KafkaEntityOperatorTemplateTopicOperatorContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2128,6 +2422,24 @@ pub struct KafkaEntityOperatorTemplateTopicOperatorContainerSecurityContextWindo pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplateTopicOperatorContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for the Entity Topic Operator RoleBinding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaEntityOperatorTemplateTopicOperatorRoleBinding { @@ -2156,6 +2468,9 @@ pub struct KafkaEntityOperatorTemplateUserOperatorContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2245,6 +2560,24 @@ pub struct KafkaEntityOperatorTemplateUserOperatorContainerSecurityContextWindow pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaEntityOperatorTemplateUserOperatorContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for the Entity Topic Operator RoleBinding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaEntityOperatorTemplateUserOperatorRoleBinding { @@ -2817,6 +3150,9 @@ pub struct KafkaJmxTransTemplateContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2906,6 +3242,24 @@ pub struct KafkaJmxTransTemplateContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplateContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for JmxTrans `Deployment`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaJmxTransTemplateDeployment { 
@@ -2965,7 +3319,7 @@ pub struct KafkaJmxTransTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -2974,6 +3328,9 @@ pub struct KafkaJmxTransTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -3457,6 +3814,97 @@ pub struct KafkaJmxTransTemplatePodTopologySpreadConstraintsLabelSelectorMatchEx pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaJmxTransTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for the JmxTrans service account. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaJmxTransTemplateServiceAccount { @@ -3497,7 +3945,7 @@ pub struct KafkaKafka { /// JVM Options for pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "jvmOptions")] pub jvm_options: Option, - /// Configures listeners of Kafka brokers. + /// Configures listeners to provide access to Kafka brokers. pub listeners: Vec, /// Pod liveness checking. #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] 
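Review bot: In `KafkaJmxTransTemplatePodVolumes` the `name` field is documented as "Required." but is declared as an `Option` with `serde(default, skip_serializing_if = "Option::is_none")`, so a volume with no name, or with no source at all, serializes without error. The doc should say where the requirement is enforced, for example `/// Name to use for the volume. Required by the CRD schema; not enforced by this type.` The comment on `secret` (and on `KafkaJmxTransTemplatePodVolumesSecret`) reads "Secret to use populate the volume." and is missing a "to". `default_mode` and `mode` on the Secret and ConfigMap structs are undocumented although they set the file permission bits of the mounted key material; a line such as `/// Permission bits for the mounted files; Kubernetes uses 0644 when unset.` would help anyone mounting credentials. The `KafkaKafkaTemplatePodVolumes` hunk further down repeats the same definitions.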
@@ -3711,7 +4159,7 @@ pub struct KafkaKafkaListeners { pub network_policy_peers: Option>, /// Port number used by the listener inside Kafka. The port number has to be unique within a given Kafka cluster. Allowed port numbers are 9092 and higher with the exception of ports 9404 and 9999, which are already used for Prometheus and JMX. Depending on the listener type, the port number might not be the same as the port number that connects Kafka clients. pub port: i64, - /// Enables TLS encryption on the listener. This is a required property. + /// Enables TLS encryption on the listener. This is a required property. For `route` and `ingress` type listeners, TLS encryption must be always enabled. pub tls: bool, /// Type of the listener. The supported types are as follows: /// 
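Review bot: The sentence added to the `tls` doc states a hard requirement ("must be always enabled") while the field stays a plain `pub tls: bool`, so nothing in this type stops a `route` or `ingress` listener from being built with `tls: false`. The comment should say that the check happens elsewhere, presumably in the operator or CRD validation, so that users of this struct do not take it as enforced here. The word order also reads better as `For `route` and `ingress` type listeners, TLS encryption must always be enabled.` The struct `KafkaKafkaListeners` starts and ends outside this hunk.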
@@ -3777,7 +4225,7 @@ pub struct KafkaKafkaListenersAuthentication { /// Enable or disable termination of Kafka broker processes due to potentially recoverable runtime errors during startup. Default value is `true`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failFast")] pub fail_fast: Option, - /// The fallback username claim to be used for the user id if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client id being provided in another claim. It only takes effect if `userNameClaim` is set. + /// The fallback username claim to be used for the user ID if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client ID being provided in another claim. It only takes effect if `userNameClaim` is set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fallbackUserNameClaim")] pub fallback_user_name_claim: Option, /// The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions. 
@@ -3816,7 +4264,7 @@ pub struct KafkaKafkaListenersAuthentication { /// Configures how often are the JWKS certificates refreshed. The refresh interval has to be at least 60 seconds shorter then the expiry interval specified in `jwksExpirySeconds`. Defaults to 300 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "jwksRefreshSeconds")] pub jwks_refresh_seconds: Option, - /// Configuration to be used for a specific listener. All values are prefixed with listener.name.__. + /// Configuration to be used for a specific listener. All values are prefixed with `listener.name.`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "listenerConfig")] pub listener_config: Option>, /// Maximum number of seconds the authenticated session remains valid without re-authentication. This enables Apache Kafka re-authentication feature, and causes sessions to expire when the access token expires. If the access token expires before max time or if max time is reached, the client has to re-authenticate, otherwise the server will drop the connection. Not set by default - the authenticated session does not expire when the access token expires. This option only applies to SASL_OAUTHBEARER authentication mechanism (when `enableOauthBearer` is `true`). 
@@ -3828,9 +4276,12 @@ pub struct KafkaKafkaListenersAuthentication { /// Enable or disable SASL on this listener. #[serde(default, skip_serializing_if = "Option::is_none")] pub sasl: Option, - /// Secrets to be mounted to /opt/kafka/custom-authn-secrets/custom-listener-_-_/__. + /// Secrets to be mounted to `/opt/kafka/custom-authn-secrets/custom-listener--/`. #[serde(default, skip_serializing_if = "Option::is_none")] pub secrets: Option>, + /// Path to the file on the local filesystem that contains a bearer token to be used instead of client ID and secret when authenticating to authorization server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverBearerTokenLocation")] + pub server_bearer_token_location: Option, /// Trusted certificates for TLS connection to the OAuth server. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsTrustedCertificates")] pub tls_trusted_certificates: Option>, @@ -3846,6 +4297,9 @@ pub struct KafkaKafkaListenersAuthentication { /// Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "userNameClaim")] pub user_name_claim: Option, + /// The prefix to use with the value of `userNameClaim` to construct the user ID. This only takes effect if `userNameClaim` is specified and the value is present for the claim. When used in combination with `fallbackUserNameClaims`, it ensures consistent mapping of usernames and client IDs into the same user ID space and prevents name collisions. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userNamePrefix")] + pub user_name_prefix: Option, /// URI of the token issuer used for authentication. #[serde(default, skip_serializing_if = "Option::is_none", rename = "validIssuerUri")] pub valid_issuer_uri: Option, 
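Review bot: The doc comment on the new `server_bearer_token_location` field says "the local filesystem" without saying whose filesystem it is or how the token file is expected to get there. Since the file holds a credential used against the authorization server, I would name the container (presumably the Kafka broker) and state that the path should point into a mounted Secret or projected token volume, not a location other containers or users can read. The phrase "when authenticating to authorization server" is also missing an article. Suggested wording: `/// Path to a file in the broker container that holds the bearer token used, instead of client ID and secret, when authenticating to the authorization server.` The struct `KafkaKafkaListenersAuthentication` begins and ends outside this hunk.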
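Review bot: The doc comment on the new `user_name_prefix` field refers to `fallbackUserNameClaims`, but the property visible in this struct is `fallbackUserNameClaim` (singular), and the sentence may have meant `fallbackUserNamePrefix`. Because this prefix keeps usernames and client IDs from colliding in the user-ID space that ACLs are written against, a wrong cross-reference can lead to one of the two prefixes being left unset. I would change the last sentence to `When used in combination with `fallbackUserNamePrefix`, it ensures ...` if that was the intent, or at least fix the spelling to `fallbackUserNameClaim`. The neighbouring context lines still use "user id" while this hunk's new text uses "user ID".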
@@ -3911,25 +4365,41 @@ pub struct KafkaKafkaListenersConfiguration { /// Per-broker configurations. #[serde(default, skip_serializing_if = "Option::is_none")] pub brokers: Option>, - /// Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller will be used. This field can only be used with `ingress` and `loadbalancer` type listeners. If not specified, the default controller is used. For an `ingress` listener, set the `ingressClassName` property in the `Ingress` resources. For a `loadbalancer` listener, set the `loadBalancerClass` property in the `Service` resources. + /// Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller is used. If not specified, the default controller is used. + /// + /// * For an `ingress` listener, the operator uses this property to set the `ingressClassName` property in the `Ingress` resources. + /// * For a `loadbalancer` listener, the operator uses this property to set the `loadBalancerClass` property in the `Service` resources. + /// + /// For `ingress` and `loadbalancer` listeners only. #[serde(default, skip_serializing_if = "Option::is_none")] pub class: Option, - /// Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadBalancer` type listener. + /// Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadbalancer` listener. #[serde(default, skip_serializing_if = "Option::is_none", rename = "createBootstrapService")] pub create_bootstrap_service: Option, - /// Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. `Cluster` may cause a second hop to another node and obscures the client source IP. 
`Local` avoids a second hop for LoadBalancer and Nodeport type services and preserves the client source IP (when supported by the infrastructure). If unspecified, Kubernetes will use `Cluster` as the default.This field can be used only with `loadbalancer` or `nodeport` type listener. + /// Specifies whether the service routes external traffic to cluster-wide or node-local endpoints: + /// + /// * `Cluster` may cause a second hop to another node and obscures the client source IP. + /// * `Local` avoids a second hop for `LoadBalancer` and `Nodeport` type services and preserves the client source IP (when supported by the infrastructure). + /// + /// If unspecified, Kubernetes uses `Cluster` as the default. For `loadbalancer` or `nodeport` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] pub external_traffic_policy: Option, - /// A list of finalizers which will be configured for the `LoadBalancer` type Services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. This field can be used only with `loadbalancer` type listeners. + /// A list of finalizers configured for the `LoadBalancer` type services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. For `loadbalancer` listeners only. #[serde(default, skip_serializing_if = "Option::is_none")] pub finalizers: Option>, /// Specifies the IP Families used by the service. 
Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] pub ip_families: Option>, - /// Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. + /// Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`: + /// + /// * `SingleStack` is for a single IP family. + /// * `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. + /// * `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. + /// + /// If unspecified, Kubernetes will choose the default value based on the service type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] pub ip_family_policy: Option, - /// A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to load balancer type listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. This field can be used only with `loadbalancer` type listener. + /// A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to loadbalancer listeners. 
If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] pub load_balancer_source_ranges: Option>, /// The maximum connection creation rate we allow in this listener at any time. New connections will be throttled if the limit is reached. @@ -3938,7 +4408,7 @@ pub struct KafkaKafkaListenersConfiguration { /// The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConnections")] pub max_connections: Option, - /// Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses will be used in the following order (the first one found will be used): + /// Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses are used in the following order (the first one found is used): /// /// * `ExternalDNS` /// * `ExternalIP` 
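Review bot: The rewritten `finalizers` doc comment in this hunk has a sentence with no verb ("the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that ...") and a missing space in "service.For more information". Since the line was being edited anyway, it could read `If supported by the platform, use the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service. For more information, see ...`. The behaviour matters because a load balancer that outlives its Service can remain reachable from outside the cluster. The `load_balancer_source_ranges` comment in the same hunk correctly keeps the caveat that the CIDR restriction is ignored when the cloud provider does not support it.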
@@ -3946,13 +4416,18 @@ pub struct KafkaKafkaListenersConfiguration { /// * `InternalIP` /// * `Hostname` /// - /// This field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with `nodeport` type listener. + /// This property is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order.For `nodeport` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredNodePortAddressType")] pub preferred_node_port_address_type: Option, - /// Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` type listeners. + /// Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` listeners. #[serde(default, skip_serializing_if = "Option::is_none", rename = "publishNotReadyAddresses")] pub publish_not_ready_addresses: Option, - /// Configures whether the Kubernetes service DNS domain should be used or not. If set to `true`, the generated addresses will contain the service DNS domain suffix (by default `.cluster.local`, can be configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to `false`.This field can be used only with `internal` and `cluster-ip` type listeners. + /// Configures whether the Kubernetes service DNS domain should be included in the generated addresses. + /// + /// * If set to `false`, the generated addresses do not contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc`. + /// * If set to `true`, the generated addresses contain the service DNS domain suffix. 
For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc.cluster.local`. + /// + /// The default is `.cluster.local`, but this is customizable using the environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`. For `internal` and `cluster-ip` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useServiceDnsDomain")] pub use_service_dns_domain: Option, } 
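Review bot: The rewritten `use_service_dns_domain` doc comment drops the previous "Defaults to `false`." and ends with "The default is `.cluster.local`", which now reads as the default of this property and not of the DNS suffix. If the property still defaults to `false`, I would write `The default suffix is `.cluster.local`, customizable using the environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`. Defaults to `false`. For `internal` and `cluster-ip` listeners only.` In the same hunk, the `preferred_node_port_address_type` comment is missing a space in "default order.For `nodeport` listeners only." The struct `KafkaKafkaListenersConfiguration` starts outside this hunk.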
@@ -3963,22 +4438,22 @@ pub struct KafkaKafkaListenersConfigurationBootstrap { /// Additional alternative names for the bootstrap service. The alternative names will be added to the list of subject alternative names of the TLS certificates. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alternativeNames")] pub alternative_names: Option>, - /// Annotations that will be added to the `Ingress`, `Route`, or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners. + /// Annotations added to `Ingress`, `Route`, or `Service` resources. You can use this property to configure DNS providers such as External DNS. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only. #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, - /// External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This field is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. This field can only be used with `nodeport` type listener. + /// External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This property is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. For `nodeport` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] pub external_i_ps: Option>, - /// The bootstrap host. This field will be used in the Ingress resource or in the Route resource to specify the desired hostname. This field can be used only with `route` (optional) or `ingress` (required) type listeners. 
+ /// Specifies the hostname used for the bootstrap resource. For `route` (optional) or `ingress` (required) listeners only. Ensure the hostname resolves to the Ingress endpoints; no validation is performed by Strimzi. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners. + /// Labels added to `Ingress`, `Route`, or `Service` resources. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, - /// The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.This field can be used only with `loadbalancer` type listener. + /// The loadbalancer is requested with the IP address specified in this property. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This property is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] pub load_balancer_ip: Option, - /// Node port for the bootstrap service. This field can be used only with `nodeport` type listener. + /// Node port for the bootstrap service. For `nodeport` listeners only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePort")] pub node_port: Option, } 
@@ -4321,7 +4796,7 @@ pub struct KafkaKafkaStorage { /// Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "kraftMetadata")] pub kraft_metadata: Option, - /// Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + /// Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. #[serde(default, skip_serializing_if = "Option::is_none")] pub overrides: Option>, /// Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. @@ -4383,7 +4858,7 @@ pub struct KafkaKafkaStorageVolumes { /// Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "kraftMetadata")] pub kraft_metadata: Option, - /// Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + /// Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. #[serde(default, skip_serializing_if = "Option::is_none")] pub overrides: Option>, /// Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. 
@@ -4656,6 +5131,9 @@ pub struct KafkaKafkaTemplateInitContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -4745,6 +5223,24 @@ pub struct KafkaKafkaTemplateInitContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplateInitContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Secret of the Kafka Cluster JMX authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaKafkaTemplateJmxSecret { 
@@ -4773,6 +5269,9 @@ pub struct KafkaKafkaTemplateKafkaContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -4862,6 +5361,24 @@ pub struct KafkaKafkaTemplateKafkaContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplateKafkaContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaKafkaTemplatePerPodIngress { 
@@ -4968,7 +5485,7 @@ pub struct KafkaKafkaTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -4977,6 +5494,9 @@ pub struct KafkaKafkaTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -5460,6 +5980,97 @@ pub struct KafkaKafkaTemplatePodTopologySpreadConstraintsLabelSelectorMatchExpre pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for Kafka `PodDisruptionBudget`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaKafkaTemplatePodDisruptionBudget { @@ -5708,6 +6319,9 @@ pub struct KafkaKafkaExporterTemplateContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
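Review bot: In `KafkaKafkaTemplatePodVolumes` the `name` field is documented as "Required." but is an `Option` with `#[serde(default, skip_serializing_if = "Option::is_none")]`, so a volume without a name builds and serializes cleanly and is rejected, if at all, only on the server side. Nothing in the type stops a caller from setting several of `config_map`, `empty_dir`, `persistent_volume_claim` and `secret` at once, which a pod volume normally does not allow, so code that builds these objects should validate both points before submitting. `default_mode` on `KafkaKafkaTemplatePodVolumesSecret` and `mode` on its items are undocumented even though they presumably set the permission bits of the mounted secret files. A doc line such as `/// Permission bits for the projected files; prefer a restrictive mode such as 0400 for secrets.` would help. The same applies to the `KafkaKafkaExporterTemplatePodVolumes*` and `KafkaZookeeperTemplatePodVolumes*` structs added further down.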
@@ -5797,6 +6411,24 @@ pub struct KafkaKafkaExporterTemplateContainerSecurityContextWindowsOptions { pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplateContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// Template for Kafka Exporter `Deployment`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaKafkaExporterTemplateDeployment { 
@@ -5856,7 +6488,7 @@ pub struct KafkaKafkaExporterTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -5865,6 +6497,9 @@ pub struct KafkaKafkaExporterTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -6348,6 +6983,97 @@ pub struct KafkaKafkaExporterTemplatePodTopologySpreadConstraintsLabelSelectorMa pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaKafkaExporterTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for Kafka Exporter `Service`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaKafkaExporterTemplateService { @@ -6629,7 +7355,7 @@ pub struct KafkaZookeeperStorage { /// Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "kraftMetadata")] pub kraft_metadata: Option, - /// Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + /// Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. #[serde(default, skip_serializing_if = "Option::is_none")] pub overrides: Option>, /// Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. 
@@ -6841,7 +7567,7 @@ pub struct KafkaZookeeperTemplatePod { /// The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, - /// Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + /// Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tmpDirSizeLimit")] pub tmp_dir_size_limit: Option, /// The pod's tolerations. @@ -6850,6 +7576,9 @@ pub struct KafkaZookeeperTemplatePod { /// The pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, + /// Additional volumes that can be mounted to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// The pod's affinity rules. 
@@ -7333,6 +8062,97 @@ pub struct KafkaZookeeperTemplatePodTopologySpreadConstraintsLabelSelectorMatchE pub values: Option>, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumes { + /// ConfigMap to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// EmptyDir to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Name to use for the volume. Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// PersistentVolumeClaim object to use to populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// Secret to use populate the volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesConfigMap { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesConfigMapItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EmptyDir to use to populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesEmptyDir { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesEmptyDirSizeLimit { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub amount: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, +} + +/// PersistentVolumeClaim object to use to populate the volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesPersistentVolumeClaim { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "claimName")] + pub claim_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// Secret to use populate the volume. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesSecret { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplatePodVolumesSecretItems { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + /// Template for ZooKeeper `PodDisruptionBudget`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaZookeeperTemplatePodDisruptionBudget { @@ -7431,6 +8251,9 @@ pub struct KafkaZookeeperTemplateZookeeperContainer { /// Security context for the container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Additional volume mounts which should be applied to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -7520,6 +8343,24 @@ pub struct KafkaZookeeperTemplateZookeeperContainerSecurityContextWindowsOptions pub run_as_user_name: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KafkaZookeeperTemplateZookeeperContainerVolumeMounts { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, +} + /// The status of the Kafka and ZooKeeper clusters, and Topic Operator. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KafkaStatus { @@ -7550,6 +8391,9 @@ pub struct KafkaStatus { /// The version of the Strimzi Cluster Operator which performed the last successful reconciliation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "operatorLastSuccessfulVersion")] pub operator_last_successful_version: Option, + /// Registered node IDs used by this Kafka cluster. This field is used for internal purposes only and will be removed in the future. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "registeredNodeIds")] + pub registered_node_ids: Option>, } /// The status of the Kafka and ZooKeeper clusters, and Topic Operator. 
diff --git a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkausers.rs b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkausers.rs index 3605c10ba..0dad0af88 100644 --- a/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkausers.rs +++ b/kube-custom-resources-rs/src/kafka_strimzi_io/v1beta2/kafkausers.rs @@ -122,7 +122,7 @@ pub struct KafkaUserAuthorizationAcls { /// Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. #[serde(default, skip_serializing_if = "Option::is_none")] pub operation: Option, - /// List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. + /// List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource. #[serde(default, skip_serializing_if = "Option::is_none")] pub operations: Option>, /// Indicates the resource for which given ACL rule applies. diff --git a/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs b/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs index a40d3ba06..7a4b2e1cc 100644 --- a/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs +++ b/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs 
@@ -82,7 +82,7 @@ pub struct NodePoolDisruptionBudgets { pub nodes: String, /// Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods. /// Otherwise, this will apply to each reason defined. - /// allowed reasons are Underutilized, Empty, and Drifted. + /// allowed reasons are Underutilized, Empty, and Drifted and additional CloudProvider-specific reasons. #[serde(default, skip_serializing_if = "Option::is_none")] pub reasons: Option>, /// Schedule specifies when a budget begins being active, following diff --git a/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1/kibanas.rs b/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1/kibanas.rs index 51671c71c..da777bcb8 100644 --- a/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1/kibanas.rs +++ b/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1/kibanas.rs @@ -202,7 +202,6 @@ pub struct KibanaHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -269,7 +268,6 @@ pub struct KibanaHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are 
@@ -382,17 +380,14 @@ pub struct KibanaHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -457,7 +452,6 @@ pub struct KibanaHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -471,7 +465,6 @@ pub struct KibanaHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -715,9 +708,11 @@ pub struct KibanaPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -728,11 +723,9 @@ pub struct KibanaPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -747,6 +740,7 @@ pub struct KibanaPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -799,11 +793,9 @@ pub struct KibanaPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -828,7 +820,6 @@ pub struct KibanaPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -1092,7 +1083,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgno /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1103,7 +1094,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgno /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1213,7 +1204,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1224,7 +1215,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1365,7 +1356,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityPreferredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1376,7 +1367,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityPreferredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1486,7 +1477,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1497,7 +1488,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1803,9 +1794,7 @@ pub struct KibanaPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1848,9 +1837,7 @@ pub struct KibanaPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1879,9 +1866,7 @@ pub struct KibanaPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1896,9 +1881,7 @@ pub struct KibanaPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2183,7 +2166,6 @@ pub struct KibanaPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2334,7 +2316,6 @@ pub struct KibanaPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2406,11 +2387,9 @@ pub struct KibanaPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2433,6 +2412,11 @@ pub struct KibanaPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2466,7 +2450,7 @@ pub struct KibanaPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2589,7 +2573,6 @@ pub struct KibanaPodTemplateSpecContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2701,7 +2684,6 @@ pub struct KibanaPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2786,10 +2768,8 @@ pub struct KibanaPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2797,11 +2777,9 @@ pub struct KibanaPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2856,7 +2834,6 @@ pub struct KibanaPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2957,7 +2934,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -3048,9 +3024,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3093,9 +3067,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -3124,9 +3096,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3141,9 +3111,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3424,7 +3392,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3572,7 +3539,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3643,11 +3609,9 @@ pub struct KibanaPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3670,6 +3634,11 @@ pub struct KibanaPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3702,7 +3671,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3825,7 +3794,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3931,7 +3899,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4016,10 +3983,8 @@ pub struct KibanaPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -4027,11 +3992,9 @@ pub struct KibanaPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4066,9 +4029,7 @@ pub struct KibanaPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4289,9 +4250,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4334,9 +4293,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4365,9 +4322,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4382,9 +4337,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4669,7 +4622,6 @@ pub struct KibanaPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4820,7 +4772,6 @@ pub struct KibanaPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4892,11 +4843,9 @@ pub struct KibanaPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4919,6 +4868,11 @@ pub struct KibanaPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4952,7 +4906,7 @@ pub struct KibanaPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -5075,7 +5029,6 @@ pub struct KibanaPodTemplateSpecInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5187,7 +5140,6 @@ pub struct KibanaPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5272,10 +5224,8 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5283,11 +5233,9 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5306,11 +5254,9 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5325,6 +5271,7 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -5352,7 +5299,10 @@ pub struct KibanaPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5360,32 +5310,28 @@ pub struct KibanaPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct KibanaPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
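Review bot: Nothing in `KibanaPodTemplateSpecResourceClaims` enforces the newly documented rule that exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. Both fields are optional with `#[serde(default)]`, and the derive line just above this hunk includes `Default`, so a value with neither or both set builds and serializes without complaint. That derive carries no `deny_unknown_fields`, so a manifest still using the removed nested `source` object would presumably deserialize with both names unset rather than fail. I would say so on the struct, e.g. `/// Not validated here: callers must check that exactly one of resource_claim_name / resource_claim_template_name is Some.` and `/// The former nested source object is gone; input that still uses it is not rejected by this type.` Removing `KibanaPodTemplateSpecResourceClaimsSource` also breaks downstream code that names it, which deserves a changelog entry.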
@@ -5410,12 +5356,10 @@ pub struct KibanaPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5465,15 +5409,24 @@ pub struct KibanaPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5541,7 +5494,6 @@ pub struct KibanaPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5633,7 +5585,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5667,7 +5618,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
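Review bot: The new `supplemental_groups_policy` field in `KibanaPodTemplateSpecSecurityContext` lists only "Merge" and "Strict" as valid values, but nothing in the added lines constrains it, and the default is the permissive one. With the field unset, "Merge" applies, so group memberships defined in the container image are still added on top of `supplemental_groups`, and the list cannot be read as exhaustive. I would make that explicit on the field, e.g. `/// Security: unset means "Merge", so image-defined groups still apply; use "Strict" when supplemental_groups must be the complete list.` The field is alpha and depends on the SupplementalGroupsPolicy feature gate and on runtime support, so whether "Strict" takes effect on a given cluster should be verified rather than assumed. The struct starts and ends outside the hunk.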
@@ -5683,7 +5633,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5694,7 +5643,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5803,7 +5751,6 @@ pub struct KibanaPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5814,17 +5761,14 @@ pub struct KibanaPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5859,11 +5803,24 @@ pub struct KibanaPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5922,7 +5879,6 @@ pub struct KibanaPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6018,9 +5974,7 @@ pub struct KibanaPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6058,9 +6012,7 @@ pub struct KibanaPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6090,9 +6042,7 @@ pub struct KibanaPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6159,9 +6109,7 @@ pub struct KibanaPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6255,7 +6203,6 @@ pub struct KibanaPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6266,17 +6213,14 @@ pub struct KibanaPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6289,7 +6233,6 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6299,11 +6242,9 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6317,7 +6258,6 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6327,11 +6267,9 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KibanaPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6434,7 +6372,7 @@ pub struct KibanaPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6563,7 +6501,6 @@ pub struct KibanaPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6620,9 +6557,7 @@ pub struct KibanaPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6648,7 +6583,6 @@ pub struct KibanaPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6710,9 +6644,6 @@ pub struct KibanaPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KibanaPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6726,6 +6657,39 @@ pub struct KibanaPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KibanaPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
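Review bot: The doc comment on `reference` in the new `KibanaPodTemplateSpecVolumesImage` opens with "Required:" and ends with "This field is optional…", and the field is declared optional with `#[serde(default)]`, so an image volume with no reference is representable in this type. The struct comment says the volume is re-resolved on pod recreation, and `pull_policy` defaults to Always for `:latest`, so a tag reference lets the mounted content change with no change to the manifest. I would add a line such as `/// Prefer a digest-pinned reference (name@sha256:<digest>) so the mounted content cannot change under a tag.` The same comment text is duplicated on the `image` field added to `KibanaPodTemplateSpecVolumes` in the earlier hunk and would need the same line. `pull_policy` is likewise unconstrained by the added lines although only Always, Never and IfNotPresent are listed.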
@@ -6741,7 +6705,6 @@ pub struct KibanaPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6781,9 +6744,7 @@ pub struct KibanaPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6861,25 +6822,24 @@ pub struct KibanaPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KibanaPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6904,14 +6864,11 @@ pub struct KibanaPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6994,9 +6951,7 @@ pub struct KibanaPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -7095,9 +7050,7 @@ pub struct KibanaPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7182,7 +7135,6 @@ pub struct KibanaPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7229,9 +7181,7 @@ pub struct KibanaPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7284,9 +7234,7 @@ pub struct KibanaPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7380,9 +7328,7 @@ pub struct KibanaPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1beta1/kibanas.rs b/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1beta1/kibanas.rs index 33be47716..8e62e36bd 100644 --- a/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1beta1/kibanas.rs +++ b/kube-custom-resources-rs/src/kibana_k8s_elastic_co/v1beta1/kibanas.rs @@ -143,7 +143,6 @@ pub struct KibanaHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. 
@@ -210,7 +209,6 @@ pub struct KibanaHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -323,17 +321,14 @@ pub struct KibanaHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -398,7 +393,6 @@ pub struct KibanaHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -412,7 +406,6 @@ pub struct KibanaHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -570,9 +563,11 @@ pub struct KibanaPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -583,11 +578,9 @@ pub struct KibanaPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -602,6 +595,7 @@ pub struct KibanaPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -654,11 +648,9 @@ pub struct KibanaPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -683,7 +675,6 @@ pub struct KibanaPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -947,7 +938,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgno /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -958,7 +949,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgno /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1068,7 +1059,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1079,7 +1070,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1220,7 +1211,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityPreferredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1231,7 +1222,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityPreferredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1341,7 +1332,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1352,7 +1343,7 @@ pub struct KibanaPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1658,9 +1649,7 @@ pub struct KibanaPodTemplateSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1703,9 +1692,7 @@ pub struct KibanaPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1734,9 +1721,7 @@ pub struct KibanaPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1751,9 +1736,7 @@ pub struct KibanaPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2038,7 +2021,6 @@ pub struct KibanaPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2189,7 +2171,6 @@ pub struct KibanaPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2261,11 +2242,9 @@ pub struct KibanaPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2288,6 +2267,11 @@ pub struct KibanaPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2321,7 +2305,7 @@ pub struct KibanaPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2444,7 +2428,6 @@ pub struct KibanaPodTemplateSpecContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2556,7 +2539,6 @@ pub struct KibanaPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2641,10 +2623,8 @@ pub struct KibanaPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2652,11 +2632,9 @@ pub struct KibanaPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2711,7 +2689,6 @@ pub struct KibanaPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2812,7 +2789,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2903,9 +2879,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2948,9 +2922,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -2979,9 +2951,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2996,9 +2966,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3279,7 +3247,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3427,7 +3394,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3498,11 +3464,9 @@ pub struct KibanaPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3525,6 +3489,11 @@ pub struct KibanaPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3557,7 +3526,7 @@ pub struct KibanaPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3680,7 +3649,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3786,7 +3754,6 @@ pub struct KibanaPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3871,10 +3838,8 @@ pub struct KibanaPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3882,11 +3847,9 @@ pub struct KibanaPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3921,9 +3884,7 @@ pub struct KibanaPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4144,9 +4105,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4189,9 +4148,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4220,9 +4177,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4237,9 +4192,7 @@ pub struct KibanaPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4524,7 +4477,6 @@ pub struct KibanaPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4675,7 +4627,6 @@ pub struct KibanaPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4747,11 +4698,9 @@ pub struct KibanaPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4774,6 +4723,11 @@ pub struct KibanaPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4807,7 +4761,7 @@ pub struct KibanaPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4930,7 +4884,6 @@ pub struct KibanaPodTemplateSpecInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5042,7 +4995,6 @@ pub struct KibanaPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5127,10 +5079,8 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5138,11 +5088,9 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5161,11 +5109,9 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5180,6 +5126,7 @@ pub struct KibanaPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile 
@@ -5207,7 +5154,10 @@ pub struct KibanaPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5215,32 +5165,28 @@ pub struct KibanaPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct KibanaPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
@@ -5265,12 +5211,10 @@ pub struct KibanaPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5320,15 +5264,24 @@ pub struct KibanaPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5396,7 +5349,6 @@ pub struct KibanaPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5488,7 +5440,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5522,7 +5473,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -5538,7 +5488,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5549,7 +5498,6 @@ pub struct KibanaPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5658,7 +5606,6 @@ pub struct KibanaPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5669,17 +5616,14 @@ pub struct KibanaPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5714,11 +5658,24 @@ pub struct KibanaPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5777,7 +5734,6 @@ pub struct KibanaPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5873,9 +5829,7 @@ pub struct KibanaPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -5913,9 +5867,7 @@ pub struct KibanaPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5945,9 +5897,7 @@ pub struct KibanaPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6014,9 +5964,7 @@ pub struct KibanaPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6110,7 +6058,6 @@ pub struct KibanaPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6121,17 +6068,14 @@ pub struct KibanaPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6144,7 +6088,6 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6154,11 +6097,9 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6172,7 +6113,6 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6182,11 +6122,9 @@ pub struct KibanaPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KibanaPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6289,7 +6227,7 @@ pub struct KibanaPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6418,7 +6356,6 @@ pub struct KibanaPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6475,9 +6412,7 @@ pub struct KibanaPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6503,7 +6438,6 @@ pub struct KibanaPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6565,9 +6499,6 @@ pub struct KibanaPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KibanaPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6581,6 +6512,39 @@ pub struct KibanaPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KibanaPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -6596,7 +6560,6 @@ pub struct KibanaPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6636,9 +6599,7 @@ pub struct KibanaPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6716,25 +6677,24 @@ pub struct KibanaPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct KibanaPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6759,14 +6719,11 @@ pub struct KibanaPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6849,9 +6806,7 @@ pub struct KibanaPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6950,9 +6905,7 @@ pub struct KibanaPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7037,7 +6990,6 @@ pub struct KibanaPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7084,9 +7036,7 @@ pub struct KibanaPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7139,9 +7089,7 @@ pub struct KibanaPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7235,9 +7183,7 @@ pub struct KibanaPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs index c4ee25776..0e5d067e0 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs 
@@ -143,9 +143,7 @@ pub struct ModuleDevicePluginContainerEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -188,9 +186,7 @@ pub struct ModuleDevicePluginContainerEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -206,11 +202,9 @@ pub struct ModuleDevicePluginContainerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -233,6 +227,11 @@ pub struct ModuleDevicePluginContainerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// VolumeMount describes a mounting of a Volume within a container. @@ -259,10 +258,8 @@ pub struct ModuleDevicePluginContainerVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -270,11 +267,9 @@ pub struct ModuleDevicePluginContainerVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -328,7 +323,6 @@ pub struct ModuleDevicePluginVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -339,17 +333,14 @@ pub struct ModuleDevicePluginVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -384,11 +375,24 @@ pub struct ModuleDevicePluginVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -447,7 +451,6 @@ pub struct ModuleDevicePluginVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -543,9 +546,7 @@ pub struct ModuleDevicePluginVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -583,9 +584,7 @@ pub struct ModuleDevicePluginVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -615,9 +614,7 @@ pub struct ModuleDevicePluginVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -684,9 +681,7 @@ pub struct ModuleDevicePluginVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -780,7 +775,6 @@ pub struct ModuleDevicePluginVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -791,17 +785,14 @@ pub struct ModuleDevicePluginVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -814,7 +805,6 @@ pub struct ModuleDevicePluginVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -824,11 +814,9 @@ pub struct ModuleDevicePluginVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -842,7 +830,6 @@ pub struct ModuleDevicePluginVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -852,11 +839,9 @@ pub struct ModuleDevicePluginVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesEphemeralVolumeClaimTemplate { @@ -949,7 +934,7 @@ pub struct ModuleDevicePluginVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -1078,7 +1063,6 @@ pub struct ModuleDevicePluginVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -1135,9 +1119,7 @@ pub struct ModuleDevicePluginVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1163,7 +1145,6 @@ pub struct ModuleDevicePluginVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -1225,9 +1206,6 @@ pub struct ModuleDevicePluginVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesHostPath { /// path of the directory on the host. 
@@ -1241,6 +1219,39 @@ pub struct ModuleDevicePluginVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ModuleDevicePluginVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -1256,7 +1267,6 @@ pub struct ModuleDevicePluginVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. 
@@ -1296,9 +1306,7 @@ pub struct ModuleDevicePluginVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -1376,25 +1384,24 @@ pub struct ModuleDevicePluginVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleDevicePluginVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -1419,14 +1426,11 @@ pub struct ModuleDevicePluginVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -1509,9 +1513,7 @@ pub struct ModuleDevicePluginVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -1610,9 +1612,7 @@ pub struct ModuleDevicePluginVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -1697,7 +1697,6 @@ pub struct ModuleDevicePluginVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -1744,9 +1743,7 @@ pub struct ModuleDevicePluginVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -1799,9 +1796,7 @@ pub struct ModuleDevicePluginVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1895,9 +1890,7 @@ pub struct ModuleDevicePluginVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1929,9 +1922,7 @@ pub struct ModuleImageRepoSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -2042,9 +2033,7 @@ pub struct ModuleModuleLoaderContainerBuildDockerfileConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2065,9 +2054,7 @@ pub struct ModuleModuleLoaderContainerBuildSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2155,9 +2142,7 @@ pub struct ModuleModuleLoaderContainerKernelMappingsBuildDockerfileConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -2178,9 +2163,7 @@ pub struct ModuleModuleLoaderContainerKernelMappingsBuildSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2223,9 +2206,7 @@ pub struct ModuleModuleLoaderContainerKernelMappingsSignCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2237,9 +2218,7 @@ pub struct ModuleModuleLoaderContainerKernelMappingsSignKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -2361,9 +2340,7 @@ pub struct ModuleModuleLoaderContainerSignCertSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2375,9 +2352,7 @@ pub struct ModuleModuleLoaderContainerSignKeySecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs index 8eaf6a091..d388c52ce 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs 
@@ -128,9 +128,7 @@ pub struct NodeModulesConfigModulesImageRepoSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -252,9 +250,7 @@ pub struct NodeModulesConfigStatusModulesImageRepoSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs b/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs index def7af8d1..a7680288b 100644 --- a/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs +++ b/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs 
@@ -64,15 +64,13 @@ pub struct SleepInfoSpec { pub weekdays: String, } -/// Common type to use for both IncludeRef and ExcludeRef to prevent duplication +/// Define a resource to filter, used to include or exclude resources from the sleep. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SleepInfoExcludeRef { /// ApiVersion of the kubernetes resources. - /// Supported api version is "apps/v1". #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, /// Kind of the kubernetes resources of the specific version. - /// Supported kind are "Deployment" and "CronJob". #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// MatchLabels which identify the kubernetes resource by labels @@ -83,15 +81,13 @@ pub struct SleepInfoExcludeRef { pub name: Option, } -/// Common type to use for both IncludeRef and ExcludeRef to prevent duplication +/// Define a resource to filter, used to include or exclude resources from the sleep. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SleepInfoIncludeRef { /// ApiVersion of the kubernetes resources. - /// Supported api version is "apps/v1". #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, /// Kind of the kubernetes resources of the specific version. - /// Supported kind are "Deployment" and "CronJob". #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// MatchLabels which identify the kubernetes resource by labels diff --git a/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/clusterqueues.rs b/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/clusterqueues.rs index 0a24a3340..babfed1ec 100644 --- a/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/clusterqueues.rs +++ b/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/clusterqueues.rs 
@@ -420,8 +420,7 @@ pub struct ClusterQueueResourceGroupsFlavorsResources { /// all the nominalQuota can be borrowed by other clusterQueues in the cohort. /// If not null, it must be non-negative. /// lendingLimit must be null if spec.cohort is empty. - /// This field is in alpha stage. To be able to use this field, - /// enable the feature gate LendingLimit, which is disabled by default. + /// This field is in beta stage and is enabled by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "lendingLimit")] pub lending_limit: Option, /// name of this resource. diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs index c934cd151..6550693de 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs @@ -225,6 +225,7 @@ pub enum MeshAccessLogFromTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -277,6 +278,7 @@ pub enum MeshAccessLogTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -476,6 +478,7 @@ pub enum MeshAccessLogToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs index 317b7df4d..00f6084f2 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs 
@@ -376,6 +376,7 @@ pub enum MeshCircuitBreakerFromTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -428,6 +429,7 @@ pub enum MeshCircuitBreakerTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -776,6 +778,7 @@ pub enum MeshCircuitBreakerToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs index c3b4ea687..fdb20e066 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs @@ -150,6 +150,7 @@ pub enum MeshFaultInjectionFromTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -202,6 +203,7 @@ pub enum MeshFaultInjectionTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -325,6 +327,7 @@ pub enum MeshFaultInjectionToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs index 5821fb049..162ad6177 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs 
@@ -76,6 +76,7 @@ pub enum MeshHealthCheckTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -293,6 +294,7 @@ pub enum MeshHealthCheckToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs index c23c4d5db..1b2c019d3 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhttproutes.rs @@ -76,6 +76,7 @@ pub enum MeshHTTPRouteTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -167,6 +168,7 @@ pub enum MeshHTTPRouteToRulesDefaultBackendRefsKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -278,6 +280,7 @@ pub enum MeshHTTPRouteToRulesDefaultFiltersRequestMirrorBackendRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -559,6 +562,7 @@ pub enum MeshHTTPRouteToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs index 3e1f1257b..2ad17aa43 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs 
@@ -76,6 +76,7 @@ pub enum MeshLoadBalancingStrategyTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -525,6 +526,7 @@ pub enum MeshLoadBalancingStrategyToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs index 61c0d0037..5493989ef 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs @@ -528,6 +528,7 @@ pub enum MeshProxyPatchTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs index 4e1f2ffb5..61d47e178 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs @@ -190,6 +190,7 @@ pub enum MeshRateLimitFromTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -242,6 +243,7 @@ pub enum MeshRateLimitTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -406,6 +408,7 @@ pub enum MeshRateLimitToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, 
diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs index 019761883..0c558eafd 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs @@ -75,6 +75,7 @@ pub enum MeshRetryTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -395,6 +396,7 @@ pub enum MeshRetryToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs index bdbe3adfc..0a79f6d33 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs @@ -76,6 +76,7 @@ pub enum MeshTCPRouteTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -156,6 +157,7 @@ pub enum MeshTCPRouteToRulesDefaultBackendRefsKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -206,6 +208,7 @@ pub enum MeshTCPRouteToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs index 4844f316f..c1e011499 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs 
@@ -136,6 +136,7 @@ pub enum MeshTimeoutFromTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -188,6 +189,7 @@ pub enum MeshTimeoutTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -298,6 +300,7 @@ pub enum MeshTimeoutToTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs index f8c097ee0..a6f4f98cd 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs @@ -228,6 +228,7 @@ pub enum MeshTraceTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs index fc34abbed..446602605 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs @@ -103,6 +103,7 @@ pub enum MeshTrafficPermissionFromTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, @@ -155,6 +156,7 @@ pub enum MeshTrafficPermissionTargetRefKind { MeshGateway, MeshService, MeshExternalService, + MeshMultiZoneService, MeshServiceSubset, #[serde(rename = "MeshHTTPRoute")] MeshHttpRoute, 
diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs index 39547f406..7c660c4a6 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs @@ -141,13 +141,12 @@ pub struct ClusterPolicyRules { pub verify_images: Option>, } -/// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -157,7 +156,6 @@ pub struct ClusterPolicyRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -168,7 +166,6 @@ pub struct ClusterPolicyRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } 
@@ -286,8 +283,7 @@ pub struct ClusterPolicyRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1118,8 +1114,7 @@ pub struct ClusterPolicyRulesGenerateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1922,8 +1917,7 @@ pub struct ClusterPolicyRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2228,8 +2222,7 @@ pub struct ClusterPolicyRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
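Review bot: `name` in `ClusterPolicyRulesContextGlobalReference` becomes a plain `String` with no `#[serde(default)]`, so a stored policy whose global reference omits `name` now fails deserialization for the whole object instead of yielding `None`. If the struct still derives `Default` (the derive line is outside the hunk), `..Default::default()` builds an entry with an empty `name`, which is then serialized as an empty reference rather than being rejected. The same change repeats in the Generate/Mutate/Validate foreach and mutate-targets variants and in their `ClusterPolicyStatusAutogenRules…` counterparts further down. I would make the new contract visible with `/// Name of the global context entry. Required; must not be empty.`, and callers should check for a non-empty name before applying a policy.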
@@ -2297,6 +2290,16 @@ pub struct ClusterPolicyRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
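Review bot: The new `failure_action` field accepts only the `failureAction` key, while the next hunk removes `validationFailureAction` and `validationFailureActionOverrides` from the same struct. Unless `ClusterPolicyRulesValidate` sets `deny_unknown_fields` (its attributes are outside the hunk), a rule that still carries the old key deserializes without error and ends up with `failure_action: None`. For a setting that chooses between blocking (Enforce) and only reporting (Audit), a silently dropped value is a fail-open risk for any tool that evaluates or round-trips policies through these types. Consider accepting the old key on read with `#[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction", alias = "validationFailureAction")]`, or document the rename as breaking. The same rename is made on `ClusterPolicyRulesVerifyImages` later in this diff.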
@@ -2313,16 +2316,6 @@ pub struct ClusterPolicyRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). 
@@ -2354,19 +2347,16 @@ pub struct ClusterPolicyRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to @@ -2378,13 +2368,11 @@ pub struct ClusterPolicyRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, @@ -2397,7 +2385,6 @@ pub struct ClusterPolicyRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). 
@@ -2410,11 +2397,9 @@ pub struct ClusterPolicyRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' @@ -2429,7 +2414,6 @@ pub struct ClusterPolicyRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -2487,26 +2471,26 @@ pub struct ClusterPolicyRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -2520,19 +2504,17 @@ pub struct ClusterPolicyRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2542,11 +2524,9 @@ pub struct ClusterPolicyRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
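Review bot: The doc comment on `parameter_not_found_action` now says `Required` and no longer states a default, yet the field stays an `Option` with `#[serde(default, skip_serializing_if = "Option::is_none", …)]`, so the type still lets callers omit it. This value controls whether a binding with no matching params is subject to the policy's `failurePolicy`, so an omitted field leaves that decision to whatever the server does with a missing value. I would add `/// Must be set explicitly; None is serialized as an absent field.` to the comment so the mismatch between the documentation and the type is visible. The struct begins before this hunk and continues after it.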
@@ -2578,7 +2558,7 @@ pub struct ClusterPolicyRulesValidateCelParamRefSelectorMatchExpressions { pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -2601,6 +2581,71 @@ pub struct ClusterPolicyRulesValidateDeny { pub conditions: Option, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidateForeach { @@ -2749,8 +2794,7 @@ pub struct ClusterPolicyRulesValidateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
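Review bot: The doc comment on the new `ClusterPolicyRulesValidateFailureAction` enum reads "Validation is used to validate matching resources.", which describes the parent struct rather than the enum. `ClusterPolicyRulesValidateFailureActionOverrides` and its `…OverridesAction` enum have no type-level doc at all, and the `action` field comment still uses the old name `ValidationFailureAction`. In `…OverridesAction`, `Audit`/`Enforce` map to the lowercase wire values and `AuditX`/`EnforceX` to the capitalised ones, which is easy to get backwards when building a namespace override. I would replace the enum header with `/// Action taken when a validate rule fails: Audit reports, Enforce blocks.` and annotate the variants, for example `/// Serialized as "enforce"` on `Enforce` and `/// Serialized as "Enforce"` on `EnforceX`.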
@@ -3314,71 +3358,6 @@ pub enum ClusterPolicyRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. @@ -3402,6 +3381,9 @@ pub struct ClusterPolicyRulesVerifyImages { /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] pub cosign_oci11: Option, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, 
@@ -3451,9 +3433,6 @@ pub struct ClusterPolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -4052,6 +4031,15 @@ pub struct ClusterPolicyRulesVerifyImagesAttestorsEntriesKeysSecret { pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesVerifyImagesImageRegistryCredentials { @@ -4078,15 +4066,6 @@ pub enum ClusterPolicyRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// Spec declares policy behaviors. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyValidationFailureAction { 
@@ -4191,7 +4170,6 @@ pub struct ClusterPolicyWebhookConfigurationMatchConditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4201,7 +4179,6 @@ pub struct ClusterPolicyWebhookConfigurationMatchConditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4212,7 +4189,6 @@ pub struct ClusterPolicyWebhookConfigurationMatchConditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } 
@@ -4299,13 +4275,12 @@ pub struct ClusterPolicyStatusAutogenRules { pub verify_images: Option>, } -/// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4315,7 +4290,6 @@ pub struct ClusterPolicyStatusAutogenRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4326,7 +4300,6 @@ pub struct ClusterPolicyStatusAutogenRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -4444,8 +4417,7 @@ pub struct ClusterPolicyStatusAutogenRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
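Review bot: In the last hunk here, `pub name: String` on `ClusterPolicyStatusAutogenRulesContextGlobalReference` drops both the `Option` and `#[serde(default)]`, so an object whose `globalReference` has no `name` now fails to deserialize instead of yielding `None`. Because this type sits under the status autogen rules, one such stored policy would make the whole `ClusterPolicy` unreadable for a client built on these bindings, which matters for tools that list policies in order to audit them. If the file is generated from the CRD, the field has to stay as it is, but the doc line should say so, e.g. `/// Name of the global context entry. Required: deserialization fails when it is absent.` The same change appears in the GlobalReference hunks for GenerateForeach, MutateForeach, MutateTargets and ValidateForeach, and again in policies.rs; the struct begins above this hunk.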
@@ -5276,8 +5248,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextGlobalReference #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -6080,8 +6051,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -6386,8 +6356,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -6455,6 +6424,16 @@ pub struct ClusterPolicyStatusAutogenRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
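Review bot: The rule-level key becomes `failureAction` here while the `validationFailureAction` field is removed further down, with no alias. No `deny_unknown_fields` is visible on this struct (its derive line is outside the hunk), so a rule that still carries the old key would presumably deserialize with `failure_action: None` rather than an error. A consumer that reads these bindings to report which rules block admission would then see no rule-level action for such a policy. I would record the rename in the field doc, e.g. `/// Replaces the former validationFailureAction key, which these bindings no longer read.` The same applies to `failure_action_overrides` and to the `PolicyRulesValidate` hunk in policies.rs.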
@@ -6471,16 +6450,6 @@ pub struct ClusterPolicyStatusAutogenRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). 
@@ -6512,19 +6481,16 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to @@ -6536,13 +6502,11 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, 
@@ -6555,7 +6519,6 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). @@ -6568,11 +6531,9 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' @@ -6587,7 +6548,6 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -6645,26 +6605,26 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -6678,19 +6638,17 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6700,11 +6658,9 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -6736,7 +6692,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRefSelectorMatchExpres pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -6759,6 +6715,71 @@ pub struct ClusterPolicyStatusAutogenRulesValidateDeny { pub conditions: Option, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidateForeach { 
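Review bot: `ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesAction` has four variants for two meanings: `Audit`/`Enforce` serialize as lowercase `audit`/`enforce`, while the capitalised spelling used in the FailureAction docs maps to `AuditX`/`EnforceX`. Code that matches only `Enforce` would treat an override written as `Enforce` as not enforcing, so the enum needs a comment such as `/// Both casings are accepted: treat Enforce and EnforceX (and Audit and AuditX) as the same action.` Separately, the `...FailureActionOverrides` struct has no doc comment, and its `action` field doc still says `ValidationFailureAction`. `PolicyRulesValidateFailureActionOverridesAction` in policies.rs has the same variants.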
@@ -6907,8 +6928,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateForeachContextGlobalReference #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -7472,71 +7492,6 @@ pub enum ClusterPolicyStatusAutogenRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyStatusAutogenRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
- #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. 
@@ -7560,6 +7515,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] pub cosign_oci11: Option, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -7609,9 +7567,6 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -8210,6 +8165,15 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeysSecret pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { 
@@ -8236,15 +8200,6 @@ pub enum ClusterPolicyStatusAutogenRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyStatusAutogenRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs index 49c44f391..d027e70f2 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs @@ -142,13 +142,12 @@ pub struct PolicyRules { pub verify_images: Option>, } -/// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 
@@ -158,7 +157,6 @@ pub struct PolicyRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -169,7 +167,6 @@ pub struct PolicyRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -287,8 +284,7 @@ pub struct PolicyRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1119,8 +1115,7 @@ pub struct PolicyRulesGenerateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1923,8 +1918,7 @@ pub struct PolicyRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -2229,8 +2223,7 @@ pub struct PolicyRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2298,6 +2291,16 @@ pub struct PolicyRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
@@ -2314,16 +2317,6 @@ pub struct PolicyRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). @@ -2355,19 +2348,16 @@ pub struct PolicyRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to 
@@ -2379,13 +2369,11 @@ pub struct PolicyRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, @@ -2398,7 +2386,6 @@ pub struct PolicyRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). @@ -2411,11 +2398,9 @@ pub struct PolicyRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' 
@@ -2430,7 +2415,6 @@ pub struct PolicyRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -2488,26 +2472,26 @@ pub struct PolicyRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -2521,19 +2505,17 @@ pub struct PolicyRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2543,11 +2525,9 @@ pub struct PolicyRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2579,7 +2559,7 @@ pub struct PolicyRulesValidateCelParamRefSelectorMatchExpressions { pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -2602,6 +2582,71 @@ pub struct PolicyRulesValidateDeny { pub conditions: Option, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidateForeach { @@ -2750,8 +2795,7 @@ pub struct PolicyRulesValidateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -3315,71 +3359,6 @@ pub enum PolicyRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. @@ -3403,6 +3382,9 @@ pub struct PolicyRulesVerifyImages { /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] pub cosign_oci11: Option, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, 
@@ -3452,9 +3434,6 @@ pub struct PolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -4053,6 +4032,15 @@ pub struct PolicyRulesVerifyImagesAttestorsEntriesKeysSecret { pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesVerifyImagesImageRegistryCredentials { @@ -4079,15 +4067,6 @@ pub enum PolicyRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// Spec defines policy behaviors and contains one or more rules. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyValidationFailureAction { 
@@ -4192,7 +4171,6 @@ pub struct PolicyWebhookConfigurationMatchConditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4202,7 +4180,6 @@ pub struct PolicyWebhookConfigurationMatchConditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4213,7 +4190,6 @@ pub struct PolicyWebhookConfigurationMatchConditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } 
@@ -4300,13 +4276,12 @@ pub struct PolicyStatusAutogenRules { pub verify_images: Option>, } -/// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4316,7 +4291,6 @@ pub struct PolicyStatusAutogenRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4327,7 +4301,6 @@ pub struct PolicyStatusAutogenRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -4445,8 +4418,7 @@ pub struct PolicyStatusAutogenRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -5277,8 +5249,7 @@ pub struct PolicyStatusAutogenRulesGenerateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -6081,8 +6052,7 @@ pub struct PolicyStatusAutogenRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -6387,8 +6357,7 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -6456,6 +6425,16 @@ pub struct PolicyStatusAutogenRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
@@ -6472,16 +6451,6 @@ pub struct PolicyStatusAutogenRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). 
@@ -6513,19 +6482,16 @@ pub struct PolicyStatusAutogenRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to @@ -6537,13 +6503,11 @@ pub struct PolicyStatusAutogenRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, @@ -6556,7 +6520,6 @@ pub struct PolicyStatusAutogenRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). 
@@ -6569,11 +6532,9 @@ pub struct PolicyStatusAutogenRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' @@ -6588,7 +6549,6 @@ pub struct PolicyStatusAutogenRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -6646,26 +6606,26 @@ pub struct PolicyStatusAutogenRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -6679,19 +6639,17 @@ pub struct PolicyStatusAutogenRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6701,11 +6659,9 @@ pub struct PolicyStatusAutogenRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -6737,7 +6693,7 @@ pub struct PolicyStatusAutogenRulesValidateCelParamRefSelectorMatchExpressions { pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -6760,6 +6716,71 @@ pub struct PolicyStatusAutogenRulesValidateDeny { pub conditions: Option, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidateForeach { @@ -6908,8 +6929,7 @@ pub struct PolicyStatusAutogenRulesValidateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -7473,71 +7493,6 @@ pub enum PolicyStatusAutogenRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyStatusAutogenRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyStatusAutogenRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
- #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. 
@@ -7561,6 +7516,9 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] pub cosign_oci11: Option, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -7610,9 +7568,6 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -8211,6 +8166,15 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeysSecret { pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { 
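Review bot: The new `failure_action` field in `PolicyStatusAutogenRulesVerifyImages` is bound only to the key `failureAction`, and the next hunk drops `validation_failure_action`. No `deny_unknown_fields` is visible here, so an object that still carries `validationFailureAction: Enforce` would presumably decode with `failure_action == None`. A consumer that reads `None` as "not enforcing" would then treat an enforcing image-verification rule as audit-only. If the old key can still appear in stored objects, keep it readable with `#[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction", alias = "validationFailureAction")]`, or state on the field that `None` must not be read as Audit. The same concern applies to `failure_action` and `failure_action_overrides` added to `ClusterPolicyRulesValidate` further down; both struct bodies continue outside their hunks.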
@@ -8237,15 +8201,6 @@ pub enum PolicyStatusAutogenRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyStatusAutogenRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v1beta1/updaterequests.rs b/kube-custom-resources-rs/src/kyverno_io/v1beta1/updaterequests.rs index 5b745b225..e0dd40d8d 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1beta1/updaterequests.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1beta1/updaterequests.rs 
@@ -96,28 +96,24 @@ pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequest { /// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). /// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. /// - /// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), /// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). /// - /// /// See documentation for the "matchPolicy" field in the webhook configuration type for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestKind")] pub request_kind: Option, /// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). /// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. /// - /// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), /// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). /// - /// /// See documentation for the "matchPolicy" field in the webhook configuration type. 
#[serde(default, skip_serializing_if = "Option::is_none", rename = "requestResource")] pub request_resource: Option, @@ -152,14 +148,12 @@ pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestKind { /// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). /// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. /// -/// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), /// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). /// -/// /// See documentation for the "matchPolicy" field in the webhook configuration type for more details. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestKind { 
@@ -171,14 +165,12 @@ pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestKind { /// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). /// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. /// -/// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), /// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). /// -/// /// See documentation for the "matchPolicy" field in the webhook configuration type. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestResource { diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs index 14ac9e0c5..6133516de 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs @@ -247,8 +247,7 @@ pub struct CleanupPolicyContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
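Review bot: `pub name: String` in `CleanupPolicyContextGlobalReference` replaces an optional field and carries no `#[serde(default)]`, so decoding an object whose global reference has no `name` now fails with a missing-field error instead of yielding `None`. For a controller that lists or watches these policies, one such stored object is enough to make the decode fail, so this deserves a breaking-change entry in the changelog. If the struct still derives `Default` (its derive line is outside the hunk), `default()` also yields an empty `name` that is serialized rather than omitted. A doc line such as `/// Name of the global context entry. Required.` would make the new contract visible. The same change recurs in every other `…ContextGlobalReference` hunk on this page.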
diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs index 0d6ee4622..ef43549b8 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs @@ -246,8 +246,7 @@ pub struct ClusterCleanupPolicyContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs b/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs index a317da5ff..306f510fb 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs 
@@ -104,28 +104,24 @@ pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequest { /// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). /// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. /// - /// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), /// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). /// - /// /// See documentation for the "matchPolicy" field in the webhook configuration type for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestKind")] pub request_kind: Option, /// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). /// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. /// - /// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), /// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). 
/// - /// /// See documentation for the "matchPolicy" field in the webhook configuration type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestResource")] pub request_resource: Option, @@ -160,14 +156,12 @@ pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestKind { /// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). /// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. /// -/// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), /// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). /// -/// /// See documentation for the "matchPolicy" field in the webhook configuration type for more details. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestKind { 
@@ -179,14 +173,12 @@ pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestKind { /// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). /// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. /// -/// /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of /// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, /// an API request to apps/v1beta1 deployments would be converted and sent to the webhook /// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), /// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). /// -/// /// See documentation for the "matchPolicy" field in the webhook configuration type. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestResource { diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs index d8d401cd5..95e01967e 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs @@ -247,8 +247,7 @@ pub struct CleanupPolicyContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs index c3c456814..dc5d2bd8b 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs @@ -246,8 +246,7 @@ pub struct ClusterCleanupPolicyContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs index dc1c9bbfa..126c1d8f7 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs @@ -145,7 +145,6 @@ pub struct ClusterPolicyRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -155,7 +154,6 @@ pub struct ClusterPolicyRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, 
@@ -166,7 +164,6 @@ pub struct ClusterPolicyRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -284,8 +281,7 @@ pub struct ClusterPolicyRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -969,8 +965,7 @@ pub struct ClusterPolicyRulesGenerateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1626,8 +1621,7 @@ pub struct ClusterPolicyRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1932,8 +1926,7 @@ pub struct ClusterPolicyRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -2096,6 +2089,16 @@ pub struct ClusterPolicyRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
@@ -2112,16 +2115,6 @@ pub struct ClusterPolicyRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). 
@@ -2153,19 +2146,16 @@ pub struct ClusterPolicyRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to @@ -2177,13 +2167,11 @@ pub struct ClusterPolicyRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, @@ -2196,7 +2184,6 @@ pub struct ClusterPolicyRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). 
@@ -2209,11 +2196,9 @@ pub struct ClusterPolicyRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' @@ -2228,7 +2213,6 @@ pub struct ClusterPolicyRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -2286,26 +2270,26 @@ pub struct ClusterPolicyRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -2319,19 +2303,17 @@ pub struct ClusterPolicyRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2341,11 +2323,9 @@ pub struct ClusterPolicyRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
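Review bot: The doc comment on `parameter_not_found_action` in `ClusterPolicyRulesValidateCelParamRef` now ends with "Required", but the field stays `Option` with `#[serde(default, skip_serializing_if = "Option::is_none")]`. The removed line, "Default to `Deny`", was the only statement of what an absent value means. This field decides whether a missing parameter leads to allow or deny, so a reader of the type can no longer tell whether `None` fails open or closed. Either make the type agree with the comment or add a line such as `/// Optional in this type: treat None as unset, never as Allow.` The struct starts outside this hunk.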
@@ -2377,7 +2357,7 @@ pub struct ClusterPolicyRulesValidateCelParamRefSelectorMatchExpressions { pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -2492,6 +2472,71 @@ pub enum ClusterPolicyRulesValidateDenyConditionsAnyOperator { DurationLessThan, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidateForeach { @@ -2640,8 +2685,7 @@ pub struct ClusterPolicyRulesValidateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
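Review bot: `ClusterPolicyRulesValidateFailureActionOverridesAction` maps each decision to two variants (`Enforce` for "enforce" and `EnforceX` for "Enforce", likewise `Audit` and `AuditX`), and none of the four has a doc comment. A caller that compares `action` against `Enforce` alone treats an override spelled "Enforce" as not enforcing. Document the variants, for example `/// Same meaning as Enforce; matches the capitalised spelling "Enforce".` on `EnforceX`, and match both spellings wherever the override is evaluated. The comment on the `action` field also still says `ValidationFailureAction` after the rename.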
@@ -3205,71 +3249,6 @@ pub enum ClusterPolicyRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. 
@@ -3283,6 +3262,9 @@ pub struct ClusterPolicyRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// ImageReferences is a list of matching image reference patterns. At least one pattern in the /// list must match the image for the rule to apply. Each image reference consists of a registry /// address (defaults to docker.io), repository, image, and tag (defaults to latest). @@ -3317,9 +3299,6 @@ pub struct ClusterPolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -3918,6 +3897,15 @@ pub struct ClusterPolicyRulesVerifyImagesAttestorsEntriesKeysSecret { pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesVerifyImagesImageRegistryCredentials { 
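Review bot: The new `failure_action` field reads only the `failureAction` key, so a rule that still carries `validationFailureAction: Enforce` would presumably deserialize with this field as `None` rather than fail. That is because the field is `#[serde(default)]` and no `deny_unknown_fields` is visible on the types in this diff. A consumer that reports or gates on enforcement mode would then read an enforcing rule as unset. If the old key can still appear in input, `alias = "validationFailureAction"` could be added to the serde attribute; otherwise I would at least extend the doc comment with `/// Replaces validationFailureAction; the old key is not read.` The struct's own attributes lie outside the hunk, and the same rename is made in `ClusterPolicyStatusAutogenRulesValidate`, `ClusterPolicyStatusAutogenRulesVerifyImages` and `PolicyRulesValidate` further down.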
@@ -3944,15 +3932,6 @@ pub enum ClusterPolicyRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// Spec declares policy behaviors. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyValidationFailureAction { @@ -4057,7 +4036,6 @@ pub struct ClusterPolicyWebhookConfigurationMatchConditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4067,7 +4045,6 @@ pub struct ClusterPolicyWebhookConfigurationMatchConditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4078,7 +4055,6 @@ pub struct ClusterPolicyWebhookConfigurationMatchConditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } 
@@ -4165,13 +4141,12 @@ pub struct ClusterPolicyStatusAutogenRules { pub verify_images: Option>, } -/// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4181,7 +4156,6 @@ pub struct ClusterPolicyStatusAutogenRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4192,7 +4166,6 @@ pub struct ClusterPolicyStatusAutogenRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -4310,8 +4283,7 @@ pub struct ClusterPolicyStatusAutogenRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -5142,8 +5114,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextGlobalReference #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -5946,8 +5917,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -6252,8 +6222,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -6321,6 +6290,16 @@ pub struct ClusterPolicyStatusAutogenRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
@@ -6337,16 +6316,6 @@ pub struct ClusterPolicyStatusAutogenRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). 
@@ -6378,19 +6347,16 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to @@ -6402,13 +6368,11 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, 
@@ -6421,7 +6385,6 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). @@ -6434,11 +6397,9 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' @@ -6453,7 +6414,6 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -6511,26 +6471,26 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -6544,19 +6504,17 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6566,11 +6524,9 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -6602,7 +6558,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateCelParamRefSelectorMatchExpres pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -6625,6 +6581,71 @@ pub struct ClusterPolicyStatusAutogenRulesValidateDeny { pub conditions: Option, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidateForeach { 
@@ -6773,8 +6794,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateForeachContextGlobalReference #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -7338,71 +7358,6 @@ pub enum ClusterPolicyStatusAutogenRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyStatusAutogenRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
- #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterPolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. 
@@ -7426,6 +7381,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] pub cosign_oci11: Option, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -7475,9 +7433,6 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -8076,6 +8031,15 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeysSecret pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyStatusAutogenRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { 
@@ -8102,15 +8066,6 @@ pub enum ClusterPolicyStatusAutogenRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterPolicyStatusAutogenRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs index f8929b328..c284df418 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs @@ -146,7 +146,6 @@ pub struct PolicyRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -156,7 +155,6 @@ pub struct PolicyRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, 
@@ -167,7 +165,6 @@ pub struct PolicyRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -285,8 +282,7 @@ pub struct PolicyRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -970,8 +966,7 @@ pub struct PolicyRulesGenerateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1627,8 +1622,7 @@ pub struct PolicyRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -1933,8 +1927,7 @@ pub struct PolicyRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -2097,6 +2090,16 @@ pub struct PolicyRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
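Review bot: The new `failure_action` field on `PolicyRulesValidate` is read only from the `failureAction` key, and the hunk that follows removes the `validationFailureAction` field, so a rule that still carries the old key would likely deserialize with `failure_action: None` and no error (serde skips unknown keys unless the struct opts out, and the struct header is outside the hunk). Code that reports whether a rule blocks admission should therefore not read `None` as either Audit or Enforce; `PolicyValidationFailureAction` still appears as context later in the diff, which suggests a policy-level setting may apply instead. I would extend the field doc with something like `/// None means no rule-level action was set; the older validationFailureAction key is not read into this field.` The same applies to `PolicyStatusAutogenRulesValidate` in the `@@ -6322` hunk.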
@@ -2113,16 +2116,6 @@ pub struct PolicyRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). @@ -2154,19 +2147,16 @@ pub struct PolicyRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to 
@@ -2178,13 +2168,11 @@ pub struct PolicyRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, @@ -2197,7 +2185,6 @@ pub struct PolicyRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). @@ -2210,11 +2197,9 @@ pub struct PolicyRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' 
@@ -2229,7 +2214,6 @@ pub struct PolicyRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -2287,26 +2271,26 @@ pub struct PolicyRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -2320,19 +2304,17 @@ pub struct PolicyRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2342,11 +2324,9 @@ pub struct PolicyRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2378,7 +2358,7 @@ pub struct PolicyRulesValidateCelParamRefSelectorMatchExpressions { pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -2493,6 +2473,71 @@ pub enum PolicyRulesValidateDenyConditionsAnyOperator { DurationLessThan, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidateForeach { @@ -2641,8 +2686,7 @@ pub struct PolicyRulesValidateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
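Review bot: `PolicyRulesValidateFailureActionOverridesAction` carries four variants for what look like two meanings (`Audit`/`AuditX` and `Enforce`/`EnforceX`, differing only in the serialized case), and none of them is documented, so a caller that matches only `Enforce` would treat an override written as `"Enforce"` as non-enforcing. Each variant should say which spelling it maps to and that the pair is presumably equivalent, e.g. `/// Serialized as "Enforce" (capitalised); treat like the Enforce variant.` on `EnforceX`. The `action` field doc in the overrides struct also still says `ValidationFailureAction`, and the `/// Validation is used to validate matching resources.` line on `PolicyRulesValidateFailureAction` describes the parent struct, not the enum. The `PolicyStatusAutogenRules…` copies in the `@@ -6626` hunk have the same gaps.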
@@ -3206,71 +3250,6 @@ pub enum PolicyRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. 
@@ -3284,6 +3263,9 @@ pub struct PolicyRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// ImageReferences is a list of matching image reference patterns. At least one pattern in the /// list must match the image for the rule to apply. Each image reference consists of a registry /// address (defaults to docker.io), repository, image, and tag (defaults to latest). @@ -3318,9 +3300,6 @@ pub struct PolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -3919,6 +3898,15 @@ pub struct PolicyRulesVerifyImagesAttestorsEntriesKeysSecret { pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesVerifyImagesImageRegistryCredentials { 
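Review bot: The doc comment on the added `PolicyRulesVerifyImagesFailureAction` enum is the description of image verification itself ("ImageVerification validates that images …"), which says nothing about what `Audit` and `Enforce` do when verification fails. Since this value presumably decides whether an image that fails verification is still admitted, the enum should carry its own text, e.g. `/// Action for a failed image verification: Audit or Enforce.` The field doc on `failure_action` (`/// Allowed values are Audit or Enforce.`) has the same gap and does not say what an unset value means.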
@@ -3945,15 +3933,6 @@ pub enum PolicyRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// Spec defines policy behaviors and contains one or more rules. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyValidationFailureAction { @@ -4058,7 +4037,6 @@ pub struct PolicyWebhookConfigurationMatchConditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4068,7 +4046,6 @@ pub struct PolicyWebhookConfigurationMatchConditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4079,7 +4056,6 @@ pub struct PolicyWebhookConfigurationMatchConditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } 
@@ -4166,13 +4142,12 @@ pub struct PolicyStatusAutogenRules { pub verify_images: Option>, } -/// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesCelPreconditions { /// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. /// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: /// - /// /// 'object' - The object from the incoming request. The value is null for DELETE requests. /// 'oldObject' - The existing object. The value is null for CREATE requests. /// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). @@ -4182,7 +4157,6 @@ pub struct PolicyStatusAutogenRulesCelPreconditions { /// request resource. /// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ /// - /// /// Required. pub expression: String, /// Name is an identifier for this match condition, used for strategic merging of MatchConditions, @@ -4193,7 +4167,6 @@ pub struct PolicyStatusAutogenRulesCelPreconditions { /// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an /// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') /// - /// /// Required. pub name: String, } @@ -4311,8 +4284,7 @@ pub struct PolicyStatusAutogenRulesContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -5143,8 +5115,7 @@ pub struct PolicyStatusAutogenRulesGenerateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -5947,8 +5918,7 @@ pub struct PolicyStatusAutogenRulesMutateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -6253,8 +6223,7 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
@@ -6322,6 +6291,16 @@ pub struct PolicyStatusAutogenRulesValidate { /// Deny defines conditions used to pass or fail a validation rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub deny: Option, + /// FailureAction defines if a validation policy rule violation should block + /// the admission review request (Enforce), or allow (Audit) the admission review request + /// and report an error in a policy report. Optional. + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, + /// FailureActionOverrides is a Cluster Policy attribute that specifies FailureAction + /// namespace-wise. It overrides FailureAction for the specified namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureActionOverrides")] + pub failure_action_overrides: Option>, /// ForEach applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, 
@@ -6338,16 +6317,6 @@ pub struct PolicyStatusAutogenRulesValidate { /// by specifying exclusions for Pod Security Standards controls. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSecurity")] pub pod_security: Option, - /// ValidationFailureAction defines if a validation policy rule violation should block - /// the admission review request (Enforce), or allow (Audit) the admission review request - /// and report an error in a policy report. Optional. - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, - /// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction - /// namespace-wise. It overrides ValidationFailureAction for the specified namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] - pub validation_failure_action_overrides: Option>, } /// CEL allows validation checks using the Common Expression Language (https://kubernetes.io/docs/reference/using-api/cel/). 
@@ -6379,19 +6348,16 @@ pub struct PolicyStatusAutogenRulesValidateCelAuditAnnotations { /// a ValidatingAdmissionPolicy must be unique. The key must be a qualified /// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. /// - /// /// The key is combined with the resource name of the /// ValidatingAdmissionPolicy to construct an audit annotation key: /// "{ValidatingAdmissionPolicy name}/{key}". /// - /// /// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy /// and the same audit annotation key, the annotation key will be identical. /// In this case, the first annotation written with the key will be included /// in the audit event and all subsequent annotations with the same key /// will be discarded. /// - /// /// Required. pub key: String, /// valueExpression represents the expression which is evaluated by CEL to @@ -6403,13 +6369,11 @@ pub struct PolicyStatusAutogenRulesValidateCelAuditAnnotations { /// If the result of the valueExpression is more than 10kb in length, it /// will be truncated to 10kb. /// - /// /// If multiple ValidatingAdmissionPolicyBinding resources match an /// API request, then the valueExpression will be evaluated for /// each binding. All unique values produced by the valueExpressions /// will be joined together in a comma-separated list. /// - /// /// Required. #[serde(rename = "valueExpression")] pub value_expression: String, @@ -6422,7 +6386,6 @@ pub struct PolicyStatusAutogenRulesValidateCelExpressions { /// ref: https://github.com/google/cel-spec /// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: /// - /// /// - 'object' - The object from the incoming request. The value is null for DELETE requests. /// - 'oldObject' - The existing object. The value is null for CREATE requests. /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). 
@@ -6435,11 +6398,9 @@ pub struct PolicyStatusAutogenRulesValidateCelExpressions { /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the /// request resource. /// - /// /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the /// object. No other metadata properties are accessible. /// - /// /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. /// Accessible property names are escaped according to the following rules when accessed in the expression: /// - '__' escapes to '__underscores__' @@ -6454,7 +6415,6 @@ pub struct PolicyStatusAutogenRulesValidateCelExpressions { /// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} /// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} /// - /// /// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. /// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: /// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and 
@@ -6512,26 +6472,26 @@ pub struct PolicyStatusAutogenRulesValidateCelParamKind { /// ParamRef references a parameter resource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidateCelParamRef { - /// `name` is the name of the resource being referenced. + /// name is the name of the resource being referenced. /// + /// One of `name` or `selector` must be set, but `name` and `selector` are + /// mutually exclusive properties. If one is set, the other must be unset. /// - /// `name` and `selector` are mutually exclusive properties. If one is set, - /// the other must be unset. + /// A single parameter used for all admission requests can be configured + /// by setting the `name` field, leaving `selector` blank, and setting namespace + /// if `paramKind` is namespace-scoped. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// namespace is the namespace of the referenced resource. Allows limiting /// the search for params to a specific namespace. Applies to both `name` and /// `selector` fields. /// - /// /// A per-namespace parameter may be used by specifying a namespace-scoped /// `paramKind` in the policy and leaving this field empty. /// - /// /// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this /// field results in a configuration error. /// - /// /// - If `paramKind` is namespace-scoped, the namespace of the object being /// evaluated for admission will be used when this field is left unset. Take /// care that if this is left empty the binding must not match any cluster-scoped 
@@ -6545,19 +6505,17 @@ pub struct PolicyStatusAutogenRulesValidateCelParamRef { /// If set to `Deny`, then no matched parameters will be subject to the /// `failurePolicy` of the policy. /// - /// /// Allowed values are `Allow` or `Deny` - /// Default to `Deny` + /// + /// Required #[serde(default, skip_serializing_if = "Option::is_none", rename = "parameterNotFoundAction")] pub parameter_not_found_action: Option, /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// - /// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// - /// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6567,11 +6525,9 @@ pub struct PolicyStatusAutogenRulesValidateCelParamRef { /// selector can be used to match multiple param objects based on their labels. /// Supply selector: {} to match all resources of the ParamKind. /// -/// /// If multiple params are found, they are all evaluated with the policy expressions /// and the results are ANDed together. /// -/// /// One of `name` or `selector` must be set, but `name` and `selector` are /// mutually exclusive properties. If one is set, the other must be unset. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -6603,7 +6559,7 @@ pub struct PolicyStatusAutogenRulesValidateCelParamRefSelectorMatchExpressions { pub values: Option>, } -/// Variable is the definition of a variable that is used for composition. +/// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidateCelVariables { /// Expression is the expression that will be evaluated as the value of the variable. 
@@ -6626,6 +6582,71 @@ pub struct PolicyStatusAutogenRulesValidateDeny { pub conditions: Option, } +/// Validation is used to validate matching resources. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesValidateFailureAction { + Audit, + Enforce, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesValidateFailureActionOverrides { + /// ValidationFailureAction defines the policy validation failure action + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action: Option, + /// A label selector is a label query over a set of resources. The result of matchLabels and + /// matchExpressions are ANDed. An empty label selector matches all objects. A null + /// label selector matches no objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesValidateFailureActionOverridesAction { + #[serde(rename = "audit")] + Audit, + #[serde(rename = "enforce")] + Enforce, + #[serde(rename = "Audit")] + AuditX, + #[serde(rename = "Enforce")] + EnforceX, +} + +/// A label selector is a label query over a set of resources. The result of matchLabels and +/// matchExpressions are ANDed. An empty label selector matches all objects. A null +/// label selector matches no objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesValidateFailureActionOverridesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// ForEachValidation applies validate rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidateForeach { @@ -6774,8 +6795,7 @@ pub struct PolicyStatusAutogenRulesValidateForeachContextGlobalReference { #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] pub jmes_path: Option, /// Name of the global context entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image 
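Review bot: `PolicyStatusAutogenRulesValidateFailureActionOverridesAction` has two variants for each action, `Enforce` (serialized `"enforce"`) and `EnforceX` (serialized `"Enforce"`), and likewise `Audit` and `AuditX`, but none of them is documented. A consumer that matches only `Enforce` will treat the capitalised spelling as something else, which matters wherever the code decides whether a rule is blocking. I would add a line on each `X` variant, for example `/// Same action as Enforce; accepts the capitalised spelling "Enforce".`. The enum has no catch-all variant, so any other spelling fails deserialization; that strictness is worth stating in the enum's doc comment too.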
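Review bot: `pub name: String` in `PolicyStatusAutogenRulesValidateForeachContextGlobalReference` loses both the optional type and `#[serde(default, skip_serializing_if = "Option::is_none")]`, so an object whose global reference has no `name` now fails to deserialize instead of yielding an unset field. Because this sits inside a status type, one such stored object would presumably make the whole resource undecodable for a client built on this crate. If objects written before the field became required must stay readable, `#[serde(default)]` on the field keeps them parseable at the cost of an empty name. Otherwise the doc line should say so: `/// Name of the global context entry (required; deserialization fails when absent)`. The struct begins before this hunk.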
@@ -7339,71 +7359,6 @@ pub enum PolicyStatusAutogenRulesValidatePodSecurityVersion { Latest, } -/// Validation is used to validate matching resources. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyStatusAutogenRulesValidateValidationFailureAction { - Audit, - Enforce, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesValidateValidationFailureActionOverrides { - /// ValidationFailureAction defines the policy validation failure action - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// A label selector is a label query over a set of resources. The result of matchLabels and - /// matchExpressions are ANDed. An empty label selector matches all objects. A null - /// label selector matches no objects. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, -} - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyStatusAutogenRulesValidateValidationFailureActionOverridesAction { - #[serde(rename = "audit")] - Audit, - #[serde(rename = "enforce")] - Enforce, - #[serde(rename = "Audit")] - AuditX, - #[serde(rename = "Enforce")] - EnforceX, -} - -/// A label selector is a label query over a set of resources. The result of matchLabels and -/// matchExpressions are ANDed. An empty label selector matches all objects. A null -/// label selector matches no objects. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
- #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct PolicyStatusAutogenRulesValidateValidationFailureActionOverridesNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - /// ImageVerification validates that images that match the specified pattern /// are signed with the supplied public key. Once the image is verified it is /// mutated to include the SHA digest retrieved during the registration. 
@@ -7427,6 +7382,9 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] pub cosign_oci11: Option, + /// Allowed values are Audit or Enforce. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction")] + pub failure_action: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -7476,9 +7434,6 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, - /// Allowed values are Audit or Enforce. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureAction")] - pub validation_failure_action: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -8077,6 +8032,15 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeysSecret { pub namespace: String, } +/// ImageVerification validates that images that match the specified pattern +/// are signed with the supplied public key. Once the image is verified it is +/// mutated to include the SHA digest retrieved during the registration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyStatusAutogenRulesVerifyImagesFailureAction { + Audit, + Enforce, +} + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesVerifyImagesImageRegistryCredentials { 
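Review bot: The verify-images action is now read only from the `failureAction` key, because the `validationFailureAction` field is removed in the following hunk (-7476). Nothing visible in either hunk marks the struct `deny_unknown_fields`, so an object that still carries the old key would presumably deserialize with `failure_action` unset rather than fail. A consumer that reads unset as "not enforcing" would then under-report a rule that was stored as `Enforce`. If both spellings can occur in stored objects, `#[serde(default, skip_serializing_if = "Option::is_none", rename = "failureAction", alias = "validationFailureAction")]` on the new field would keep the value. The struct's derive line is outside this hunk, so check this against the full definition.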
@@ -8103,15 +8067,6 @@ pub enum PolicyStatusAutogenRulesVerifyImagesType { Notary, } -/// ImageVerification validates that images that match the specified pattern -/// are signed with the supplied public key. Once the image is verified it is -/// mutated to include the SHA digest retrieved during the registration. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum PolicyStatusAutogenRulesVerifyImagesValidationFailureAction { - Audit, - Enforce, -} - /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index 5ac19b12c..46852d7c4 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -2962,6 +2962,7 @@ apiVersion `sonataflow.org/v1alpha08`: ## source_toolkit_fluxcd_io apiVersion `source.toolkit.fluxcd.io/v1`: +- `Bucket` - `GitRepository` - `HelmChart` - `HelmRepository` diff --git a/kube-custom-resources-rs/src/maps_k8s_elastic_co/v1alpha1/elasticmapsservers.rs b/kube-custom-resources-rs/src/maps_k8s_elastic_co/v1alpha1/elasticmapsservers.rs index 5ca97ece7..cd0aaa9b7 100644 --- a/kube-custom-resources-rs/src/maps_k8s_elastic_co/v1alpha1/elasticmapsservers.rs +++ b/kube-custom-resources-rs/src/maps_k8s_elastic_co/v1alpha1/elasticmapsservers.rs @@ -175,7 +175,6 @@ pub struct ElasticMapsServerHttpServiceSpec { /// clients must ensure that clusterIPs[0] and clusterIP have the same /// value. /// - /// /// This field may hold a maximum of two entries (dual-stack IPs, in either order). /// These IPs must correspond to the values of the ipFamilies field. Both /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. 
@@ -242,7 +241,6 @@ pub struct ElasticMapsServerHttpServiceSpec { /// NodePort, and LoadBalancer, and does apply to "headless" services. /// This field will be wiped when updating a Service to type ExternalName. /// - /// /// This field may hold a maximum of two entries (dual-stack families, in /// either order). These families must correspond to the values of the /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -355,17 +353,14 @@ pub struct ElasticMapsServerHttpServiceSpecPorts { /// This field follows standard Kubernetes label syntax. /// Valid values are either: /// - /// /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). /// - /// /// * Kubernetes-defined prefixed names: /// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 /// - /// /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] @@ -430,7 +425,6 @@ pub struct ElasticMapsServerHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// - /// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. 
@@ -444,7 +438,6 @@ pub struct ElasticMapsServerHttpTls { /// Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. /// The referenced secret should contain the following: /// -/// /// - `ca.crt`: The certificate authority (optional). /// - `tls.crt`: The certificate (or a chain). /// - `tls.key`: The private key to the first certificate in the certificate chain. @@ -602,9 +595,11 @@ pub struct ElasticMapsServerPodTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -615,11 +610,9 @@ pub struct ElasticMapsServerPodTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -634,6 +627,7 @@ pub struct ElasticMapsServerPodTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -686,11 +680,9 @@ pub struct ElasticMapsServerPodTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -715,7 +707,6 @@ pub struct ElasticMapsServerPodTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -979,7 +970,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAffinityPreferredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -990,7 +981,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAffinityPreferredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1100,7 +1091,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAffinityRequiredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1111,7 +1102,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAffinityRequiredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1252,7 +1243,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAntiAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1263,7 +1254,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAntiAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1373,7 +1364,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAntiAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will 
@@ -1384,7 +1375,7 @@ pub struct ElasticMapsServerPodTemplateSpecAffinityPodAntiAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1690,9 +1681,7 @@ pub struct ElasticMapsServerPodTemplateSpecContainersEnvValueFromConfigMapKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -1735,9 +1724,7 @@ pub struct ElasticMapsServerPodTemplateSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1766,9 +1753,7 @@ pub struct ElasticMapsServerPodTemplateSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -1783,9 +1768,7 @@ pub struct ElasticMapsServerPodTemplateSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2070,7 +2053,6 @@ pub struct ElasticMapsServerPodTemplateSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2221,7 +2203,6 @@ pub struct ElasticMapsServerPodTemplateSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2293,11 +2274,9 @@ pub struct ElasticMapsServerPodTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -2320,6 +2299,11 @@ pub struct ElasticMapsServerPodTemplateSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2353,7 +2337,7 @@ pub struct ElasticMapsServerPodTemplateSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2476,7 +2460,6 @@ pub struct ElasticMapsServerPodTemplateSpecContainersSecurityContextSeccompProfi /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2588,7 +2571,6 @@ pub struct ElasticMapsServerPodTemplateSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -2673,10 +2655,8 @@ pub struct ElasticMapsServerPodTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2684,11 +2664,9 @@ pub struct ElasticMapsServerPodTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2743,7 +2721,6 @@ pub struct ElasticMapsServerPodTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -2844,7 +2821,6 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2935,9 +2911,7 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersEnvValueFromConfig /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2980,9 +2954,7 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersEnvValueFromSecret /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined 
@@ -3011,9 +2983,7 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersEnvFromConfigMapRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3028,9 +2998,7 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3311,7 +3279,6 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersLivenessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -3459,7 +3426,6 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersReadinessProbeGrpc /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3530,11 +3496,9 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3557,6 +3521,11 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -3589,7 +3558,7 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3712,7 +3681,6 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersSecurityContextSec /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3818,7 +3786,6 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3903,10 +3870,8 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this 
@@ -3914,11 +3879,9 @@ pub struct ElasticMapsServerPodTemplateSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3953,9 +3916,7 @@ pub struct ElasticMapsServerPodTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4176,9 +4137,7 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersEnvValueFromConfigMapKe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined 
@@ -4221,9 +4180,7 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersEnvValueFromSecretKeyRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4252,9 +4209,7 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined 
@@ -4269,9 +4224,7 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4556,7 +4509,6 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4707,7 +4659,6 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4779,11 +4730,9 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, 
@@ -4806,6 +4755,11 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4839,7 +4793,7 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4962,7 +4916,6 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersSecurityContextSeccompP /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5074,7 +5027,6 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, 
@@ -5159,10 +5111,8 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5170,11 +5120,9 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5193,11 +5141,9 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC 
@@ -5212,6 +5158,7 @@ pub struct ElasticMapsServerPodTemplateSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -5239,7 +5186,10 @@ pub struct ElasticMapsServerPodTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -5247,32 +5197,28 @@ pub struct ElasticMapsServerPodTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ElasticMapsServerPodTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } 
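Review bot: The new doc text on `resource_claim_name` and `resource_claim_template_name` says exactly one of them must be set, but nothing in the flattened `ElasticMapsServerPodTemplateSpecResourceClaims` enforces that. Both fields are `Option` with `serde(default)`, so a value with neither or both set builds and serializes without error. As far as the neighbouring hunks show, the struct has no `deny_unknown_fields`, so a manifest still using the removed nested `source` object would presumably deserialize with both names `None` instead of failing. The struct names suggest this file is generated, so the check probably belongs in consuming code or a migration note. If a comment can be carried on the struct, I would add `/// Not validated here: callers must check that exactly one claim name is set; the old nested source object is no longer read.`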
@@ -5297,12 +5243,10 @@ pub struct ElasticMapsServerPodTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] 
@@ -5352,15 +5296,24 @@ pub struct ElasticMapsServerPodTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5428,7 +5381,6 @@ pub struct ElasticMapsServerPodTemplateSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5520,7 +5472,6 @@ pub struct ElasticMapsServerPodTemplateSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5554,7 +5505,6 @@ pub struct ElasticMapsServerPodTemplateSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | 
@@ -5570,7 +5520,6 @@ pub struct ElasticMapsServerPodTemplateSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5581,7 +5530,6 @@ pub struct ElasticMapsServerPodTemplateSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5690,7 +5638,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity 
@@ -5701,17 +5648,14 @@ pub struct ElasticMapsServerPodTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -5746,11 +5690,24 @@ pub struct ElasticMapsServerPodTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 
+ /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5809,7 +5766,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5905,9 +5861,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
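Review bot: In the hunk that adds `pub image` to `ElasticMapsServerPodTemplateSpecVolumes`, the doc comment does not say how to keep the mounted content fixed. It states that the volume is re-resolved when the pod is deleted and recreated, and that new remote content then becomes available. With a mutable tag and an `Always` or `IfNotPresent` pull, the files a pod sees can therefore change without any change to the pod spec. I would add one line to the field doc: `/// Reference the object by digest rather than by tag when the mounted content must stay the same across pod recreation.` The struct body starts before this hunk and continues after it.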
@@ -5945,9 +5899,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5977,9 +5929,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6046,9 +5996,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6142,7 +6090,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6153,17 +6100,14 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6176,7 +6120,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6186,11 +6129,9 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, 
@@ -6204,7 +6145,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6214,11 +6154,9 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticMapsServerPodTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6321,7 +6259,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesEphemeralVolumeClaimTemplateSp /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. 
@@ -6450,7 +6388,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6507,9 +6444,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6535,7 +6470,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. 
@@ -6597,9 +6531,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticMapsServerPodTemplateSpecVolumesHostPath { /// path of the directory on the host. 
@@ -6613,6 +6544,39 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ElasticMapsServerPodTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. 
Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md 
@@ -6628,7 +6592,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6668,9 +6631,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -6748,25 +6709,24 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ElasticMapsServerPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. 
@@ -6791,14 +6751,11 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6881,9 +6838,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined 
@@ -6982,9 +6937,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7069,7 +7022,6 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7116,9 +7068,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } 
@@ -7171,9 +7121,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7267,9 +7215,7 @@ pub struct ElasticMapsServerPodTemplateSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs index 26186aba3..9d2d99daa 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs 
@@ -5122,12 +5122,20 @@ pub enum ScrapeConfigHetznerSdConfigsTlsConfigMinVersion { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigHttpSdConfigs { /// Authorization header configuration to authenticate against the target HTTP endpoint. + /// Cannot be set at the same time as `oAuth2`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, /// BasicAuth information to authenticate against the target HTTP endpoint. /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + /// Cannot be set at the same time as `authorization`, or `oAuth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -5135,6 +5143,10 @@ pub struct ScrapeConfigHttpSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, + /// Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + /// Cannot be set at the same time as `authorization`, or `basicAuth`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// 
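Review bot: The new doc comments on `authorization` and `basic_auth` name the third option `oAuth2`, but `pub oauth2` carries no `rename`, so the key this struct actually reads and writes is `oauth2`. No `deny_unknown_fields` is visible on `ScrapeConfigHttpSdConfigs` in this hunk, so a manifest using the spelling from the comment would presumably deserialize with `oauth2` unset, and the discovery request would go out without the intended credentials. I would make the comments match the key, e.g. `/// Cannot be set at the same time as oauth2 or basicAuth.` and `/// Cannot be set at the same time as authorization or oauth2.`; the same wording recurs on the `ScrapeConfigHttpSdConfigsAuthorization` and `ScrapeConfigHttpSdConfigsBasicAuth` struct docs in the two hunks that follow. If these bindings are generated from the CRD, the correction belongs in the schema description rather than in this file. The struct body continues outside the hunk.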
@@ -5162,6 +5174,7 @@ pub struct ScrapeConfigHttpSdConfigs { } /// Authorization header configuration to authenticate against the target HTTP endpoint. +/// Cannot be set at the same time as `oAuth2`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigHttpSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. @@ -5195,6 +5208,7 @@ pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { /// BasicAuth information to authenticate against the target HTTP endpoint. /// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// Cannot be set at the same time as `authorization`, or `oAuth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigHttpSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for 
@@ -5243,6 +5257,303 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { pub optional: Option, } +/// Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. +/// Cannot be set at the same time as `authorization`, or `basicAuth`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2 { + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. + #[serde(rename = "clientId")] + pub client_id: ScrapeConfigHttpSdConfigsOauth2ClientId, + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. + #[serde(rename = "clientSecret")] + pub client_secret: ScrapeConfigHttpSdConfigsOauth2ClientSecret, + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] + pub endpoint_params: Option>, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// `scopes` defines the OAuth2 scopes used for the token request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// TLS configuration to use when connecting to the OAuth2 server. + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, + /// `tokenURL` configures the URL to fetch the token from. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2ClientId { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2ClientSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2ProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. 
+ /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Maximum acceptable TLS version. + /// + /// It requires Prometheus >= v2.41.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] + pub max_version: Option, + /// Minimum acceptable TLS version. + /// + /// It requires Prometheus >= v2.35.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] + pub min_version: Option, + /// Used to verify the hostname for the targets. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, +} + +/// Certificate authority used when verifying server certificates. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCa { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. 
+ /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Client certificate to present when doing client-authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. 
+ /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing the client key file for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigKeySecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMaxVersion { + #[serde(rename = "TLS10")] + Tls10, + #[serde(rename = "TLS11")] + Tls11, + #[serde(rename = "TLS12")] + Tls12, + #[serde(rename = "TLS13")] + Tls13, +} + +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. 
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMinVersion { + #[serde(rename = "TLS10")] + Tls10, + #[serde(rename = "TLS11")] + Tls11, + #[serde(rename = "TLS12")] + Tls12, + #[serde(rename = "TLS13")] + Tls13, +} + /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { diff --git a/kube-custom-resources-rs/src/multicluster_x_k8s_io/v1alpha1/appliedworks.rs b/kube-custom-resources-rs/src/multicluster_x_k8s_io/v1alpha1/appliedworks.rs index 419098e1d..9f04ece34 100644 --- a/kube-custom-resources-rs/src/multicluster_x_k8s_io/v1alpha1/appliedworks.rs +++ b/kube-custom-resources-rs/src/multicluster_x_k8s_io/v1alpha1/appliedworks.rs 
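Review bot: `insecure_skip_verify` on the new `ScrapeConfigHttpSdConfigsOauth2TlsConfig` is documented only as "Disable target certificate validation.", yet this TLS block governs the connection to `token_url`, which is presumably where the value behind `client_secret` is sent. I would spell that out, e.g. `/// Disables certificate validation for the OAuth2 token endpoint; the client secret is then sent to an unverified server.`, and note on `min_version` that `TLS10` and `TLS11` are accepted values. The enums `ScrapeConfigHttpSdConfigsOauth2TlsConfigMaxVersion` and `ScrapeConfigHttpSdConfigsOauth2TlsConfigMinVersion` also repeat the parent struct's comment instead of saying that they are the maximum and minimum acceptable TLS version. These look like generated bindings, so the text would have to change in the CRD description or the generator rather than here.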
@@ -28,12 +28,18 @@ pub struct AppliedWorkSpec { /// Status represents the current status of AppliedWork. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppliedWorkStatus { - /// AppliedResources represents a list of resources defined within the Work that are applied. Only resources with valid GroupVersionResource, namespace, and name are suitable. An item in this slice is deleted when there is no mapped manifest in Work.Spec or by finalizer. The resource relating to the item will also be removed from managed cluster. The deleted resource may still be present until the finalizers for that resource are finished. However, the resource will not be undeleted, so it can be removed from this list and eventual consistency is preserved. + /// AppliedResources represents a list of resources defined within the Work that are applied. + /// Only resources with valid GroupVersionResource, namespace, and name are suitable. + /// An item in this slice is deleted when there is no mapped manifest in Work.Spec or by finalizer. + /// The resource relating to the item will also be removed from managed cluster. + /// The deleted resource may still be present until the finalizers for that resource are finished. + /// However, the resource will not be undeleted, so it can be removed from this list and eventual consistency is preserved. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appliedResources")] pub applied_resources: Option>, } -/// AppliedResourceMeta represents the group, version, resource, name and namespace of a resource. Since these resources have been created, they must have valid group, version, resource, namespace, and name. +/// AppliedResourceMeta represents the group, version, resource, name and namespace of a resource. +/// Since these resources have been created, they must have valid group, version, resource, namespace, and name. 
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppliedWorkStatusAppliedResources { /// Group is the group of the resource. @@ -45,15 +51,19 @@ pub struct AppliedWorkStatusAppliedResources { /// Name is the name of the resource #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace is the namespace of the resource, the resource is cluster scoped if the value is empty + /// Namespace is the namespace of the resource, the resource is cluster scoped if the value + /// is empty #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Ordinal represents an index in manifests list, so the condition can still be linked to a manifest even thougth manifest cannot be parsed successfully. + /// Ordinal represents an index in manifests list, so the condition can still be linked + /// to a manifest even thougth manifest cannot be parsed successfully. pub ordinal: i64, /// Resource is the resource type of the resource #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// UID is set on successful deletion of the Kubernetes resource by controller. The resource might be still visible on the managed cluster after this field is set. It is not directly settable by a client. + /// UID is set on successful deletion of the Kubernetes resource by controller. The + /// resource might be still visible on the managed cluster after this field is set. + /// It is not directly settable by a client. #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, /// Version is the version of the resource. diff --git a/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs b/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs index 138f90c2b..83f4937eb 100644 --- a/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs +++ b/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs 
@@ -1052,6 +1052,11 @@ pub struct InstallationCalicoNetworkIpPools { /// Default: false #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableBGPExport")] pub disable_bgp_export: Option, + /// DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. + /// This is useful when you want to prevent new pods from receiving IP addresses from this pool, without + /// impacting any existing pods that have already been assigned addresses from this pool. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableNewAllocations")] + pub disable_new_allocations: Option, /// Encapsulation specifies the encapsulation type that will be used with /// the IP Pool. /// Default: IPIP @@ -7156,6 +7161,11 @@ pub struct InstallationStatusComputedCalicoNetworkIpPools { /// Default: false #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableBGPExport")] pub disable_bgp_export: Option, + /// DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. + /// This is useful when you want to prevent new pods from receiving IP addresses from this pool, without + /// impacting any existing pods that have already been assigned addresses from this pool. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableNewAllocations")] + pub disable_new_allocations: Option, /// Encapsulation specifies the encapsulation type that will be used with /// the IP Pool. /// Default: IPIP diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs index 11f089ff7..beb83c25d 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs 
@@ -10883,7 +10883,7 @@ pub struct PerconaPGClusterPatroni { /// Patroni dynamic configuration settings. Changes to this value will be /// automatically reloaded without validation. Changes to certain PostgreSQL /// parameters cause PostgreSQL to restart. - /// More info: https://patroni.readthedocs.io/en/latest/SETTINGS.html + /// More info: https://patroni.readthedocs.io/en/latest/dynamic_configuration.html #[serde(default, skip_serializing_if = "Option::is_none", rename = "dynamicConfiguration")] pub dynamic_configuration: Option>, /// TTL of the cluster leader lock. "Think of it as the diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs index de9eb0c37..e454537cb 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs @@ -56,10 +56,15 @@ pub struct PerconaPGUpgradeSpec { /// Resource requirements for the PGUpgrade container. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// The image name to use for PostgreSQL containers after upgrade. - /// When omitted, the value comes from an operator environment variable. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "toPostgresImage")] - pub to_postgres_image: Option, + /// The image to use for PgBackRest containers after upgrade. + #[serde(rename = "toPgBackRestImage")] + pub to_pg_back_rest_image: String, + /// The image to use for PgBouncer containers after upgrade. + #[serde(rename = "toPgBouncerImage")] + pub to_pg_bouncer_image: String, + /// The image to use for PostgreSQL containers after upgrade. + #[serde(rename = "toPostgresImage")] + pub to_postgres_image: String, /// The major version of PostgreSQL to be upgraded to. #[serde(rename = "toPostgresVersion")] pub to_postgres_version: i64, 
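Review bot: In the `PerconaPGUpgradeSpec` hunk, `to_pg_back_rest_image`, `to_pg_bouncer_image` and `to_postgres_image` become required fields with no `serde(default)`. Deserializing an existing PerconaPGUpgrade object that omits any of them will therefore fail with a missing-field error, and callers that left `to_postgres_image` unset will no longer compile. The removed comment said the operator supplied the image from an environment variable when the field was omitted, so the caller is now the only source of the image reference used during the upgrade. This file looks generated from the CRD, so the change probably belongs in the release notes as breaking rather than in a code edit here. Consumers should validate the three references before applying, for example by requiring a digest-pinned form such as `registry.example/postgres@sha256:<digest>` (constructed placeholder). The struct body continues outside the hunk.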
diff --git a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs index 372871c6d..4c132f354 100644 --- a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs +++ b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs @@ -22,7 +22,8 @@ use self::prelude::*; #[kube(derive="PartialEq")] pub struct PostgresClusterSpec { /// PostgreSQL backup configuration - pub backups: PostgresClusterBackups, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub backups: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub config: Option, /// The secret containing the replication client certificates and keys for @@ -144,7 +145,8 @@ pub struct PostgresClusterSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackups { /// pgBackRest archive configuration - pub pgbackrest: PostgresClusterBackupsPgbackrest, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pgbackrest: Option, /// VolumeSnapshot configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub snapshots: Option, diff --git a/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs b/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs index 9d44a4ba3..f49c678e2 100644 --- a/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs +++ b/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs 
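Review bot: `backups` in `PostgresClusterSpec` is now optional with `serde(default)`, so a cluster spec with no backup configuration deserializes without error. The second hunk in this file does the same for `pgbackrest` in `PostgresClusterBackups`. Code that read `spec.backups.pgbackrest` directly has to handle `None`. Any controller or policy check that assumed every cluster archives through pgBackRest should now test for it explicitly, e.g. `if spec.backups.as_ref().and_then(|b| b.pgbackrest.as_ref()).is_none() { /* reject or alert */ }`. Both struct bodies continue outside their hunks.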
@@ -45,6 +45,9 @@ pub struct RuntimeComponentSpec { /// Disable information about services being injected into the application pod's environment variables. Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableServiceLinks")] pub disable_service_links: Option, + /// DNS settings for the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dns: Option, /// An array of environment variables for the application container. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, @@ -102,6 +105,9 @@ pub struct RuntimeComponentSpec { /// Defines the desired state and cycle of stateful applications. #[serde(default, skip_serializing_if = "Option::is_none", rename = "statefulSet")] pub stateful_set: Option, + /// Tolerations to be added to application pods. Tolerations allow the scheduler to schedule pods on nodes with matching taints. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, /// Defines the topology spread constraints #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option, 
@@ -798,6 +804,48 @@ pub struct RuntimeComponentDeploymentUpdateStrategyRollingUpdate { pub max_unavailable: Option, } +/// DNS settings for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentDns { + /// The DNS Config for the application pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub config: Option, + /// The DNS Policy for the application pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub policy: Option, +} + +/// The DNS Config for the application pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentDnsConfig { + /// A list of DNS name server IP addresses. + /// This will be appended to the base nameservers generated from DNSPolicy. + /// Duplicated nameservers will be removed. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nameservers: Option>, + /// A list of DNS resolver options. + /// This will be merged with the base options generated from DNSPolicy. + /// Duplicated entries will be removed. Resolution options given in Options + /// will override those that appear in the base DNSPolicy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub options: Option>, + /// A list of DNS search domains for host-name lookup. + /// This will be appended to the base search paths generated from DNSPolicy. + /// Duplicated search paths will be removed. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub searches: Option>, +} + +/// PodDNSConfigOption defines DNS resolver options of a pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentDnsConfigOptions { + /// Required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + /// EnvVar represents an environment variable present in a Container. 
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentEnv { 
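Review bot: `name` in the new `RuntimeComponentDnsConfigOptions` is documented as "Required." but declared optional with `serde(default, skip_serializing_if = "Option::is_none")`. A resolver option without a name therefore round-trips through this type and is rejected, if at all, only by the API server. The generator presumably mirrors a CRD schema that lacks the `required` marker, so the honest fix here is in the comment, e.g. `/// Required by Kubernetes; not enforced by this type.` Callers that build `RuntimeComponentDns` from user input should check `name.is_some()` themselves. They should also treat `nameservers` and `searches` as values that change where the pod resolves names.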
@@ -1011,11 +1059,31 @@ pub struct RuntimeComponentInitContainers { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, + /// Resources resize policy for the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] + pub resize_policy: Option>, /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RestartPolicy defines the restart behavior of individual containers in a pod. + /// This field may only be set for init containers, and the only allowed value is "Always". + /// For non-init containers or when this field is not specified, + /// the restart behavior is defined by the Pod's restart policy and the container type. + /// Setting the RestartPolicy as "Always" for the init container will have the following effect: + /// this init container will be continually restarted on + /// exit until all regular containers have terminated. Once all regular + /// containers have completed, all init containers with restartPolicy "Always" + /// will be shut down. This lifecycle differs from normal init containers and + /// is often referred to as a "sidecar" container. Although this init + /// container still starts in the init container sequence, it does not wait + /// for the container to complete before proceeding to the next init + /// container. Instead, the next init container starts immediately after this + /// init container is started, or after any startupProbe has successfully + /// completed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, /// SecurityContext defines the security options the container should be run with. /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -1415,7 +1483,6 @@ pub struct RuntimeComponentInitContainersLivenessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1468,7 +1535,6 @@ pub struct RuntimeComponentInitContainersLivenessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentInitContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1568,7 +1634,6 @@ pub struct RuntimeComponentInitContainersReadinessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. 
@@ -1621,7 +1686,6 @@ pub struct RuntimeComponentInitContainersReadinessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentInitContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1680,6 +1744,19 @@ pub struct RuntimeComponentInitContainersReadinessProbeTcpSocket { pub port: IntOrString, } +/// ContainerResizePolicy represents resource resize policy for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentInitContainersResizePolicy { + /// Name of the resource to which this resource resize policy applies. + /// Supported values: cpu, memory. + #[serde(rename = "resourceName")] + pub resource_name: String, + /// Restart policy to apply when specified resource is resized. + /// If not specified, it defaults to NotRequired. + #[serde(rename = "restartPolicy")] + pub restart_policy: String, +} + /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -1702,7 +1779,7 @@ pub struct RuntimeComponentInitContainersResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, 
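Review bot: In the new `RuntimeComponentInitContainersResizePolicy`, `restart_policy` is a required `String`, while its doc comment says "If not specified, it defaults to NotRequired". A missing `restartPolicy` will fail deserialization rather than default. Because the struct derives `Default`, `..Default::default()` yields empty strings for both `resource_name` and `restart_policy`, which presumably will not pass server-side validation. The comment should say what this type actually does, e.g. `/// Required by this schema; set it explicitly (no NotRequired default is applied here).`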
@@ -1840,7 +1917,7 @@ pub struct RuntimeComponentInitContainersSecurityContextSeccompProfile { /// localhostProfile indicates a profile defined in a file on the node should be used. /// The profile must be preconfigured on the node to work. /// Must be a descending path, relative to the kubelet's configured seccomp profile location. - /// Must only be set if type is "Localhost". + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. @@ -1869,12 +1946,9 @@ pub struct RuntimeComponentInitContainersSecurityContextWindowsOptions { #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, /// HostProcess determines if a container should be run as a 'Host Process' container. - /// This field is alpha-level and will only be honored by components that enable the - /// WindowsHostProcessContainers feature flag. Setting this field without the feature - /// flag will result in errors when validating the Pod. All of a Pod's containers must - /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - /// containers and non-HostProcess containers). In addition, if HostProcess is true - /// then HostNetwork must also be set to true. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. 
@@ -1902,7 +1976,6 @@ pub struct RuntimeComponentInitContainersStartupProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1955,7 +2028,6 @@ pub struct RuntimeComponentInitContainersStartupProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentInitContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. 
@@ -2066,97 +2138,173 @@ pub struct RuntimeComponentMonitoring { pub labels: Option>, } -/// Endpoint defines a scrapeable endpoint serving Prometheus metrics. +/// Endpoint defines an endpoint serving Prometheus metrics to be scraped by +/// Prometheus. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpoints { - /// Authorization section for this endpoint + /// `authorization` configures the Authorization header credentials to use when + /// scraping the target. + /// + /// + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, - /// BasicAuth allow an endpoint to authenticate over basic authentication - /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + /// `basicAuth` configures the Basic Authentication credentials to use when + /// scraping the target. + /// + /// + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, - /// File to read bearer token for scraping targets. + /// File to read bearer token for scraping the target. + /// + /// + /// Deprecated: use `authorization` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, - /// Secret to mount to read bearer token for scraping targets. The secret - /// needs to be in the same namespace as the service monitor and accessible by - /// the Prometheus Operator. + /// `bearerTokenSecret` specifies a key of a Secret containing the bearer + /// token for scraping targets. The secret needs to be in the same namespace + /// as the ServiceMonitor object and readable by the Prometheus Operator. + /// + /// + /// Deprecated: use `authorization` instead. 
#[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenSecret")] pub bearer_token_secret: Option, - /// Whether to enable HTTP2. + /// `enableHttp2` can be used to disable HTTP2 when scraping the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHttp2")] pub enable_http2: Option, - /// Drop pods that are not running. (Failed, Succeeded). Enabled by default. + /// When true, the pods which are not running (e.g. either in Failed or + /// Succeeded state) are dropped during the target discovery. + /// + /// + /// If unset, the filtering is enabled. + /// + /// /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterRunning")] pub filter_running: Option, - /// FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. + /// `followRedirects` defines whether the scrape requests should follow HTTP + /// 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, - /// HonorLabels chooses the metric's labels on collisions with target labels. + /// When true, `honorLabels` preserves the metric's labels when they collide + /// with the target's labels. #[serde(default, skip_serializing_if = "Option::is_none", rename = "honorLabels")] pub honor_labels: Option, - /// HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + /// `honorTimestamps` controls whether Prometheus preserves the timestamps + /// when exposed by the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "honorTimestamps")] pub honor_timestamps: Option, - /// Interval at which metrics should be scraped - /// If not specified Prometheus' global scrape interval is used. + /// Interval at which Prometheus scrapes the metrics from the target. 
+ /// + /// + /// If empty, Prometheus uses the global scrape interval. #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, - /// MetricRelabelConfigs to apply to samples before ingestion. + /// `metricRelabelings` configures the relabeling rules to apply to the + /// samples before ingestion. #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricRelabelings")] pub metric_relabelings: Option>, - /// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + /// `oauth2` configures the OAuth2 settings to use when scraping the target. + /// + /// + /// It requires Prometheus >= 2.27.0. + /// + /// + /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, - /// Optional HTTP URL parameters + /// params define optional HTTP URL parameters. #[serde(default, skip_serializing_if = "Option::is_none")] pub params: Option>, - /// HTTP path to scrape for metrics. + /// HTTP path from which to scrape for metrics. + /// + /// /// If empty, Prometheus uses the default value (e.g. `/metrics`). #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name of the service port this endpoint refers to. Mutually exclusive with targetPort. + /// Name of the Service port which this endpoint refers to. + /// + /// + /// It takes precedence over `targetPort`. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, - /// ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + /// `proxyURL` configures the HTTP Proxy URL (e.g. + /// "http://proxyserver:2195") to go through when scraping the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// RelabelConfigs to apply to samples before scraping. - /// Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. 
+ /// `relabelings` configures the relabeling rules to apply the target's + /// metadata labels. + /// + /// + /// The Operator automatically adds relabelings for a few standard Kubernetes fields. + /// + /// /// The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + /// + /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[serde(default, skip_serializing_if = "Option::is_none")] pub relabelings: Option>, /// HTTP scheme to use for scraping. + /// + /// + /// `http` and `https` are the expected values unless you rewrite the + /// `__scheme__` label via relabeling. + /// + /// + /// If empty, Prometheus uses the default value `http`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub scheme: Option, - /// Timeout after which the scrape is ended - /// If not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used. + pub scheme: Option, + /// Timeout after which Prometheus considers the scrape to be failed. + /// + /// + /// If empty, Prometheus uses the global scrape timeout unless it is less + /// than the target's scrape interval value in which the latter is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeTimeout")] pub scrape_timeout: Option, - /// Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. + /// Name or number of the target port of the `Pod` object behind the Service, the + /// port must be specified with container port property. + /// + /// + /// Deprecated: use `port` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, - /// TLS configuration to use when scraping the endpoint + /// TLS configuration to use when scraping the target. 
#[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, + /// `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + /// the metrics that have an explicit timestamp present in scraped data. + /// Has no effect if `honorTimestamps` is false. + /// + /// + /// It requires Prometheus >= v2.48.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "trackTimestampsStaleness")] + pub track_timestamps_staleness: Option, } -/// Authorization section for this endpoint +/// `authorization` configures the Authorization header credentials to use when +/// scraping the target. +/// +/// +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsAuthorization { - /// The secret's key that contains the credentials of the request + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] pub credentials: Option, - /// Set the authentication type. Defaults to Bearer, Basic will cause an - /// error + /// Defines the authentication type. The value is case-insensitive. + /// + /// + /// "Basic" is not a supported value. + /// + /// + /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// The secret's key that contains the credentials of the request +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. 
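Review bot: The rewritten comments on `authorization`, `basic_auth` and `oauth2` in `RuntimeComponentMonitoringEndpoints` each say the field cannot be set together with the other two, but all three remain independent optional fields. A value with more than one set type-checks and serializes, and nothing in this type rejects it. Callers that assemble endpoints from configuration should check before applying, e.g. `if [e.authorization.is_some(), e.basic_auth.is_some(), e.oauth2.is_some()].iter().filter(|s| **s).count() > 1 { /* reject */ }`. The new `scheme` comment also states that an empty value means `http`, so an endpoint that sets any of these credentials but leaves `scheme` unset would presumably send them unencrypted. Requiring `https` whenever a credential field is present is a check worth adding in the same place.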
@@ -2171,22 +2319,25 @@ pub struct RuntimeComponentMonitoringEndpointsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth allow an endpoint to authenticate over basic authentication -/// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// `basicAuth` configures the Basic Authentication credentials to use when +/// scraping the target. +/// +/// +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBasicAuth { - /// The secret in the service monitor namespace that contains the password - /// for authentication. + /// `password` specifies a key of a Secret containing the password for + /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] pub password: Option, - /// The secret in the service monitor namespace that contains the username - /// for authentication. + /// `username` specifies a key of a Secret containing the username for + /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] pub username: Option, } -/// The secret in the service monitor namespace that contains the password -/// for authentication. +/// `password` specifies a key of a Secret containing the password for +/// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2201,8 +2352,8 @@ pub struct RuntimeComponentMonitoringEndpointsBasicAuthPassword { pub optional: Option, } -/// The secret in the service monitor namespace that contains the username -/// for authentication. +/// `username` specifies a key of a Secret containing the username for +/// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. @@ -2217,9 +2368,12 @@ pub struct RuntimeComponentMonitoringEndpointsBasicAuthUsername { pub optional: Option, } -/// Secret to mount to read bearer token for scraping targets. The secret -/// needs to be in the same namespace as the service monitor and accessible by -/// the Prometheus Operator. +/// `bearerTokenSecret` specifies a key of a Secret containing the bearer +/// token for scraping targets. The secret needs to be in the same namespace +/// as the ServiceMonitor object and readable by the Prometheus Operator. +/// +/// +/// Deprecated: use `authorization` instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBearerTokenSecret { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2234,42 +2388,64 @@ pub struct RuntimeComponentMonitoringEndpointsBearerTokenSecret { pub optional: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsMetricRelabelings { - /// Action to perform based on regex matching. Default is 'replace'. - /// uppercase and lowercase actions require Prometheus >= 2.36. + /// Action to perform based on the regex matching. + /// + /// + /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + /// + /// + /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. + /// + /// + /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, - /// Regular expression against which the extracted value is matched. Default is '(.*)' + /// Regular expression against which the extracted value is matched. #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, - /// Replacement value against which a regex replace is performed if the - /// regular expression matches. Regex capture groups are available. Default is '$1' + /// Replacement value against which a Replace action is performed if the + /// regular expression matches. + /// + /// + /// Regex capture groups are available. 
#[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, - /// Separator placed between concatenated source label values. default is ';'. + /// Separator is the string between concatenated SourceLabels. #[serde(default, skip_serializing_if = "Option::is_none")] pub separator: Option, - /// The source labels select values from existing labels. Their content is concatenated - /// using the configured separator and matched against the configured regular expression - /// for the replace, keep, and drop actions. + /// The source labels select values from existing labels. Their content is + /// concatenated using the configured Separator and matched against the + /// configured regular expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] pub source_labels: Option>, - /// Label to which the resulting value is written in a replace action. - /// It is mandatory for replace actions. Regex capture groups are available. + /// Label to which the resulting string is written in a replacement. + /// + /// + /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + /// `KeepEqual` and `DropEqual` actions. + /// + /// + /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. 
+/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum RuntimeComponentMonitoringEndpointsMetricRelabelingsAction { #[serde(rename = "replace")] 
@@ -2312,27 +2488,37 @@ pub enum RuntimeComponentMonitoringEndpointsMetricRelabelingsAction { DropEqual, } -/// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. +/// `oauth2` configures the OAuth2 settings to use when scraping the target. +/// +/// +/// It requires Prometheus >= 2.27.0. +/// +/// +/// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsOauth2 { - /// The secret or configmap containing the OAuth2 client id + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. #[serde(rename = "clientId")] pub client_id: RuntimeComponentMonitoringEndpointsOauth2ClientId, - /// The secret containing the OAuth2 client secret + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. #[serde(rename = "clientSecret")] pub client_secret: RuntimeComponentMonitoringEndpointsOauth2ClientSecret, - /// Parameters to append to the token URL + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] pub endpoint_params: Option>, - /// OAuth2 scopes used for the token request + /// `scopes` defines the OAuth2 scopes used for the token request. #[serde(default, skip_serializing_if = "Option::is_none")] pub scopes: Option>, - /// The URL to fetch the token from + /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, } -/// The secret or configmap containing the OAuth2 client id +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsOauth2ClientId { /// ConfigMap containing data to use for the targets. 
@@ -2373,7 +2559,8 @@ pub struct RuntimeComponentMonitoringEndpointsOauth2ClientIdSecret { pub optional: Option, } -/// The secret containing the OAuth2 client secret +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2388,42 +2575,64 @@ pub struct RuntimeComponentMonitoringEndpointsOauth2ClientSecret { pub optional: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsRelabelings { - /// Action to perform based on regex matching. Default is 'replace'. - /// uppercase and lowercase actions require Prometheus >= 2.36. + /// Action to perform based on the regex matching. + /// + /// + /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + /// + /// + /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. + /// + /// + /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, - /// Regular expression against which the extracted value is matched. Default is '(.*)' + /// Regular expression against which the extracted value is matched. #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, - /// Replacement value against which a regex replace is performed if the - /// regular expression matches. Regex capture groups are available. Default is '$1' + /// Replacement value against which a Replace action is performed if the + /// regular expression matches. + /// + /// + /// Regex capture groups are available. 
#[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, - /// Separator placed between concatenated source label values. default is ';'. + /// Separator is the string between concatenated SourceLabels. #[serde(default, skip_serializing_if = "Option::is_none")] pub separator: Option, - /// The source labels select values from existing labels. Their content is concatenated - /// using the configured separator and matched against the configured regular expression - /// for the replace, keep, and drop actions. + /// The source labels select values from existing labels. Their content is + /// concatenated using the configured Separator and matched against the + /// configured regular expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] pub source_labels: Option>, - /// Label to which the resulting value is written in a replace action. - /// It is mandatory for replace actions. Regex capture groups are available. + /// Label to which the resulting string is written in a replacement. + /// + /// + /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + /// `KeepEqual` and `DropEqual` actions. + /// + /// + /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. 
+/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum RuntimeComponentMonitoringEndpointsRelabelingsAction { #[serde(rename = "replace")] @@ -2466,7 +2675,17 @@ pub enum RuntimeComponentMonitoringEndpointsRelabelingsAction { DropEqual, } -/// TLS configuration to use when scraping the endpoint +/// Endpoint defines an endpoint serving Prometheus metrics to be scraped by +/// Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum RuntimeComponentMonitoringEndpointsScheme { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, +} + +/// TLS configuration to use when scraping the target. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsTlsConfig { /// Certificate authority used when verifying server certificates. @@ -2631,7 +2850,6 @@ pub struct RuntimeComponentProbesLiveness { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -2684,7 +2902,6 @@ pub struct RuntimeComponentProbesLivenessExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentProbesLivenessGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. 
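Review bot: The doc comment on the new `RuntimeComponentMonitoringEndpointsScheme` enum (hunk `@@ -2466,7 +2675,17 @@`) describes the parent Endpoint rather than the scheme, so it reads as if the enum itself were an endpoint definition. The only variants are `Http` and `Https`, so a comment such as `/// URL scheme used to scrape the endpoint, either "http" or "https".` would say what the value selects. The type names suggest this file is generated from the CRD, so the wording probably has to be corrected in the generator or its input rather than by hand.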
@@ -2754,7 +2971,6 @@ pub struct RuntimeComponentProbesReadiness { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -2807,7 +3023,6 @@ pub struct RuntimeComponentProbesReadinessExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentProbesReadinessGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2877,7 +3092,6 @@ pub struct RuntimeComponentProbesStartup { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -2930,7 +3144,6 @@ pub struct RuntimeComponentProbesStartupExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentProbesStartupGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. 
@@ -3009,7 +3222,7 @@ pub struct RuntimeComponentResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, @@ -3171,7 +3384,7 @@ pub struct RuntimeComponentSecurityContextSeccompProfile { /// localhostProfile indicates a profile defined in a file on the node should be used. /// The profile must be preconfigured on the node to work. /// Must be a descending path, relative to the kubelet's configured seccomp profile location. - /// Must only be set if type is "Localhost". + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. 
@@ -3200,12 +3413,9 @@ pub struct RuntimeComponentSecurityContextWindowsOptions { #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, /// HostProcess determines if a container should be run as a 'Host Process' container. - /// This field is alpha-level and will only be honored by components that enable the - /// WindowsHostProcessContainers feature flag. Setting this field without the feature - /// flag will result in errors when validating the Pod. All of a Pod's containers must - /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - /// containers and non-HostProcess containers). In addition, if HostProcess is true - /// then HostNetwork must also be set to true. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. 
@@ -3263,10 +3473,22 @@ pub struct RuntimeComponentServiceCertificate { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentServicePorts { /// The application protocol for this port. + /// This is used as a hint for implementations to offer richer behavior for protocols that they understand. /// This field follows standard Kubernetes label syntax. - /// Un-prefixed names are reserved for IANA standard service names (as per + /// Valid values are either: + /// + /// + /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). - /// Non-standard protocols should use prefixed names such as + /// + /// + /// * Kubernetes-defined prefixed names: + /// * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + /// + /// + /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] pub app_protocol: Option, 
@@ -3394,11 +3616,31 @@ pub struct RuntimeComponentSidecarContainers { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, + /// Resources resize policy for the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] + pub resize_policy: Option>, /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RestartPolicy defines the restart behavior of individual containers in a pod. + /// This field may only be set for init containers, and the only allowed value is "Always". + /// For non-init containers or when this field is not specified, + /// the restart behavior is defined by the Pod's restart policy and the container type. + /// Setting the RestartPolicy as "Always" for the init container will have the following effect: + /// this init container will be continually restarted on + /// exit until all regular containers have terminated. Once all regular + /// containers have completed, all init containers with restartPolicy "Always" + /// will be shut down. This lifecycle differs from normal init containers and + /// is often referred to as a "sidecar" container. Although this init + /// container still starts in the init container sequence, it does not wait + /// for the container to complete before proceeding to the next init + /// container. Instead, the next init container starts immediately after this + /// init container is started, or after any startupProbe has successfully + /// completed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, /// SecurityContext defines the security options the container should be run with. /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -3798,7 +4040,6 @@ pub struct RuntimeComponentSidecarContainersLivenessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -3851,7 +4092,6 @@ pub struct RuntimeComponentSidecarContainersLivenessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentSidecarContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -3951,7 +4191,6 @@ pub struct RuntimeComponentSidecarContainersReadinessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. 
@@ -4004,7 +4243,6 @@ pub struct RuntimeComponentSidecarContainersReadinessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentSidecarContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -4063,6 +4301,19 @@ pub struct RuntimeComponentSidecarContainersReadinessProbeTcpSocket { pub port: IntOrString, } +/// ContainerResizePolicy represents resource resize policy for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentSidecarContainersResizePolicy { + /// Name of the resource to which this resource resize policy applies. + /// Supported values: cpu, memory. + #[serde(rename = "resourceName")] + pub resource_name: String, + /// Restart policy to apply when specified resource is resized. + /// If not specified, it defaults to NotRequired. + #[serde(rename = "restartPolicy")] + pub restart_policy: String, +} + /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -4085,7 +4336,7 @@ pub struct RuntimeComponentSidecarContainersResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, 
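Review bot: In the new `RuntimeComponentSidecarContainersResizePolicy` struct (hunk `@@ -4063,6 +4301,19 @@`), `restart_policy` is a plain `String` with no `#[serde(default)]`, but its doc comment says "If not specified, it defaults to NotRequired." As declared, an entry that omits `restartPolicy` fails to deserialize instead of falling back to that value, so the comment should state the requirement, for example `/// Required in this schema: an entry without restartPolicy fails to deserialize.` The same applies to `resource_name`, which is also non-optional. This file appears to be generated from the CRD, so the text likely needs to change upstream of the generator.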
@@ -4223,7 +4474,7 @@ pub struct RuntimeComponentSidecarContainersSecurityContextSeccompProfile { /// localhostProfile indicates a profile defined in a file on the node should be used. /// The profile must be preconfigured on the node to work. /// Must be a descending path, relative to the kubelet's configured seccomp profile location. - /// Must only be set if type is "Localhost". + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. @@ -4252,12 +4503,9 @@ pub struct RuntimeComponentSidecarContainersSecurityContextWindowsOptions { #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, /// HostProcess determines if a container should be run as a 'Host Process' container. - /// This field is alpha-level and will only be honored by components that enable the - /// WindowsHostProcessContainers feature flag. Setting this field without the feature - /// flag will result in errors when validating the Pod. All of a Pod's containers must - /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - /// containers and non-HostProcess containers). In addition, if HostProcess is true - /// then HostNetwork must also be set to true. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. 
@@ -4285,7 +4533,6 @@ pub struct RuntimeComponentSidecarContainersStartupProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -4338,7 +4585,6 @@ pub struct RuntimeComponentSidecarContainersStartupProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentSidecarContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -4668,7 +4914,7 @@ pub struct RuntimeComponentStatefulSetStorageVolumeClaimTemplateSpecResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, 
@@ -4722,13 +4968,70 @@ pub struct RuntimeComponentStatefulSetStorageVolumeClaimTemplateStatus { /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - /// be larger than the actual capacity when a volume expansion operation is requested. + /// allocatedResourceStatuses stores status of resource being resized for the given PVC. + /// Key names follow standard Kubernetes label syntax. Valid values are either: + /// * Un-prefixed keys: + /// - storage - the capacity of the volume. + /// * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + /// reserved and hence may not be used. + /// + /// + /// ClaimResourceStatus can be in any of following states: + /// - ControllerResizeInProgress: + /// State set when resize controller starts resizing the volume in control-plane. + /// - ControllerResizeFailed: + /// State set when resize has failed in resize controller with a terminal error. + /// - NodeResizePending: + /// State set when resize controller has finished resizing the volume but further resizing of + /// volume is needed on the node. + /// - NodeResizeInProgress: + /// State set when kubelet starts resizing the volume. + /// - NodeResizeFailed: + /// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + /// NodeResizeFailed. 
+ /// For example: if expanding a PVC for more capacity - this field can be one of the following states: + /// - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + /// - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" + /// When this field is not set, it means that no resize operation is in progress for the given PVC. + /// + /// + /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus + /// should ignore the update for the purpose it was designed. For example - a controller that + /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + /// resources associated with PVC. + /// + /// + /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] + pub allocated_resource_statuses: Option>, + /// allocatedResources tracks the resources allocated to a PVC including its capacity. + /// Key names follow standard Kubernetes label syntax. Valid values are either: + /// * Un-prefixed keys: + /// - storage - the capacity of the volume. + /// * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + /// reserved and hence may not be used. + /// + /// + /// Capacity reported here may be larger than the actual capacity when a volume expansion operation + /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. 
/// If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. /// If a volume expansion capacity request is lowered, allocatedResources is only /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. + /// + /// + /// A controller that receives PVC update with previously unknown resourceName + /// should ignore the update for the purpose it was designed. For example - a controller that + /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + /// resources associated with PVC. + /// + /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -4742,12 +5045,6 @@ pub struct RuntimeComponentStatefulSetStorageVolumeClaimTemplateStatus { /// phase represents the current phase of PersistentVolumeClaim. #[serde(default, skip_serializing_if = "Option::is_none")] pub phase: Option, - /// resizeStatus stores status of resize operation. - /// ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - /// string by resize controller or kubelet. - /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizeStatus")] - pub resize_status: Option, } /// Specifies the strategy to replace old statefulSet pods with new pods. 
@@ -4782,6 +5079,36 @@ pub struct RuntimeComponentStatefulSetUpdateStrategyRollingUpdate { pub partition: Option, } +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + /// Defines the topology spread constraints #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentTopologySpreadConstraints { @@ -4805,8 +5132,13 @@ pub struct RuntimeComponentTopologySpreadConstraintsConstraints { /// spreading will be calculated. The keys are used to lookup values from the /// incoming pod labels, those key-value labels are ANDed with labelSelector /// to select the group of existing pods over which spreading will be calculated - /// for the incoming pod. Keys that don't exist in the incoming pod labels will + /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// MatchLabelKeys cannot be set when LabelSelector isn't set. + /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. + /// + /// + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MaxSkew describes the degree to which pods may be unevenly distributed. @@ -5436,7 +5768,7 @@ pub struct RuntimeComponentVolumesEmptyDir { /// The maximum usage on memory medium EmptyDir would be the minimum value between /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. /// The default is nil which means that the limit is undefined. - /// More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } 
@@ -5708,7 +6040,7 @@ pub struct RuntimeComponentVolumesEphemeralVolumeClaimTemplateSpecResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, diff --git a/kube-custom-resources-rs/src/rc_app_stacks/v1beta2/runtimecomponents.rs b/kube-custom-resources-rs/src/rc_app_stacks/v1beta2/runtimecomponents.rs index 1740ca9b2..fa215c8df 100644 --- a/kube-custom-resources-rs/src/rc_app_stacks/v1beta2/runtimecomponents.rs +++ b/kube-custom-resources-rs/src/rc_app_stacks/v1beta2/runtimecomponents.rs 
@@ -993,11 +993,31 @@ pub struct RuntimeComponentInitContainers { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, + /// Resources resize policy for the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] + pub resize_policy: Option>, /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RestartPolicy defines the restart behavior of individual containers in a pod. + /// This field may only be set for init containers, and the only allowed value is "Always". + /// For non-init containers or when this field is not specified, + /// the restart behavior is defined by the Pod's restart policy and the container type. + /// Setting the RestartPolicy as "Always" for the init container will have the following effect: + /// this init container will be continually restarted on + /// exit until all regular containers have terminated. Once all regular + /// containers have completed, all init containers with restartPolicy "Always" + /// will be shut down. This lifecycle differs from normal init containers and + /// is often referred to as a "sidecar" container. Although this init + /// container still starts in the init container sequence, it does not wait + /// for the container to complete before proceeding to the next init + /// container. Instead, the next init container starts immediately after this + /// init container is started, or after any startupProbe has successfully + /// completed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, /// SecurityContext defines the security options the container should be run with. /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -1397,7 +1417,6 @@ pub struct RuntimeComponentInitContainersLivenessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1450,7 +1469,6 @@ pub struct RuntimeComponentInitContainersLivenessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentInitContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1550,7 +1568,6 @@ pub struct RuntimeComponentInitContainersReadinessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. 
@@ -1603,7 +1620,6 @@ pub struct RuntimeComponentInitContainersReadinessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentInitContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1662,6 +1678,19 @@ pub struct RuntimeComponentInitContainersReadinessProbeTcpSocket { pub port: IntOrString, } +/// ContainerResizePolicy represents resource resize policy for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentInitContainersResizePolicy { + /// Name of the resource to which this resource resize policy applies. + /// Supported values: cpu, memory. + #[serde(rename = "resourceName")] + pub resource_name: String, + /// Restart policy to apply when specified resource is resized. + /// If not specified, it defaults to NotRequired. + #[serde(rename = "restartPolicy")] + pub restart_policy: String, +} + /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -1684,7 +1713,7 @@ pub struct RuntimeComponentInitContainersResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, 
@@ -1822,7 +1851,7 @@ pub struct RuntimeComponentInitContainersSecurityContextSeccompProfile { /// localhostProfile indicates a profile defined in a file on the node should be used. /// The profile must be preconfigured on the node to work. /// Must be a descending path, relative to the kubelet's configured seccomp profile location. - /// Must only be set if type is "Localhost". + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. @@ -1851,12 +1880,9 @@ pub struct RuntimeComponentInitContainersSecurityContextWindowsOptions { #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, /// HostProcess determines if a container should be run as a 'Host Process' container. - /// This field is alpha-level and will only be honored by components that enable the - /// WindowsHostProcessContainers feature flag. Setting this field without the feature - /// flag will result in errors when validating the Pod. All of a Pod's containers must - /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - /// containers and non-HostProcess containers). In addition, if HostProcess is true - /// then HostNetwork must also be set to true. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. 
@@ -1884,7 +1910,6 @@ pub struct RuntimeComponentInitContainersStartupProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1937,7 +1962,6 @@ pub struct RuntimeComponentInitContainersStartupProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentInitContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. 
@@ -2048,97 +2072,173 @@ pub struct RuntimeComponentMonitoring { pub labels: Option>, } -/// Endpoint defines a scrapeable endpoint serving Prometheus metrics. +/// Endpoint defines an endpoint serving Prometheus metrics to be scraped by +/// Prometheus. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpoints { - /// Authorization section for this endpoint + /// `authorization` configures the Authorization header credentials to use when + /// scraping the target. + /// + /// + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, - /// BasicAuth allow an endpoint to authenticate over basic authentication - /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + /// `basicAuth` configures the Basic Authentication credentials to use when + /// scraping the target. + /// + /// + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, - /// File to read bearer token for scraping targets. + /// File to read bearer token for scraping the target. + /// + /// + /// Deprecated: use `authorization` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenFile")] pub bearer_token_file: Option, - /// Secret to mount to read bearer token for scraping targets. The secret - /// needs to be in the same namespace as the service monitor and accessible by - /// the Prometheus Operator. + /// `bearerTokenSecret` specifies a key of a Secret containing the bearer + /// token for scraping targets. The secret needs to be in the same namespace + /// as the ServiceMonitor object and readable by the Prometheus Operator. + /// + /// + /// Deprecated: use `authorization` instead. 
#[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerTokenSecret")] pub bearer_token_secret: Option, - /// Whether to enable HTTP2. + /// `enableHttp2` can be used to disable HTTP2 when scraping the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHttp2")] pub enable_http2: Option, - /// Drop pods that are not running. (Failed, Succeeded). Enabled by default. + /// When true, the pods which are not running (e.g. either in Failed or + /// Succeeded state) are dropped during the target discovery. + /// + /// + /// If unset, the filtering is enabled. + /// + /// /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterRunning")] pub filter_running: Option, - /// FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. + /// `followRedirects` defines whether the scrape requests should follow HTTP + /// 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, - /// HonorLabels chooses the metric's labels on collisions with target labels. + /// When true, `honorLabels` preserves the metric's labels when they collide + /// with the target's labels. #[serde(default, skip_serializing_if = "Option::is_none", rename = "honorLabels")] pub honor_labels: Option, - /// HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + /// `honorTimestamps` controls whether Prometheus preserves the timestamps + /// when exposed by the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "honorTimestamps")] pub honor_timestamps: Option, - /// Interval at which metrics should be scraped - /// If not specified Prometheus' global scrape interval is used. + /// Interval at which Prometheus scrapes the metrics from the target. 
+ /// + /// + /// If empty, Prometheus uses the global scrape interval. #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, - /// MetricRelabelConfigs to apply to samples before ingestion. + /// `metricRelabelings` configures the relabeling rules to apply to the + /// samples before ingestion. #[serde(default, skip_serializing_if = "Option::is_none", rename = "metricRelabelings")] pub metric_relabelings: Option>, - /// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + /// `oauth2` configures the OAuth2 settings to use when scraping the target. + /// + /// + /// It requires Prometheus >= 2.27.0. + /// + /// + /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, - /// Optional HTTP URL parameters + /// params define optional HTTP URL parameters. #[serde(default, skip_serializing_if = "Option::is_none")] pub params: Option>, - /// HTTP path to scrape for metrics. + /// HTTP path from which to scrape for metrics. + /// + /// /// If empty, Prometheus uses the default value (e.g. `/metrics`). #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name of the service port this endpoint refers to. Mutually exclusive with targetPort. + /// Name of the Service port which this endpoint refers to. + /// + /// + /// It takes precedence over `targetPort`. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, - /// ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + /// `proxyURL` configures the HTTP Proxy URL (e.g. + /// "http://proxyserver:2195") to go through when scraping the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// RelabelConfigs to apply to samples before scraping. - /// Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. 
+ /// `relabelings` configures the relabeling rules to apply the target's + /// metadata labels. + /// + /// + /// The Operator automatically adds relabelings for a few standard Kubernetes fields. + /// + /// /// The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + /// + /// /// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[serde(default, skip_serializing_if = "Option::is_none")] pub relabelings: Option>, /// HTTP scheme to use for scraping. + /// + /// + /// `http` and `https` are the expected values unless you rewrite the + /// `__scheme__` label via relabeling. + /// + /// + /// If empty, Prometheus uses the default value `http`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub scheme: Option, - /// Timeout after which the scrape is ended - /// If not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used. + pub scheme: Option, + /// Timeout after which Prometheus considers the scrape to be failed. + /// + /// + /// If empty, Prometheus uses the global scrape timeout unless it is less + /// than the target's scrape interval value in which the latter is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeTimeout")] pub scrape_timeout: Option, - /// Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. + /// Name or number of the target port of the `Pod` object behind the Service, the + /// port must be specified with container port property. + /// + /// + /// Deprecated: use `port` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, - /// TLS configuration to use when scraping the endpoint + /// TLS configuration to use when scraping the target. 
#[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, + /// `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + /// the metrics that have an explicit timestamp present in scraped data. + /// Has no effect if `honorTimestamps` is false. + /// + /// + /// It requires Prometheus >= v2.48.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "trackTimestampsStaleness")] + pub track_timestamps_staleness: Option, } -/// Authorization section for this endpoint +/// `authorization` configures the Authorization header credentials to use when +/// scraping the target. +/// +/// +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsAuthorization { - /// The secret's key that contains the credentials of the request + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] pub credentials: Option, - /// Set the authentication type. Defaults to Bearer, Basic will cause an - /// error + /// Defines the authentication type. The value is case-insensitive. + /// + /// + /// "Basic" is not a supported value. + /// + /// + /// Default: "Bearer" #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// The secret's key that contains the credentials of the request +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2153,22 +2253,25 @@ pub struct RuntimeComponentMonitoringEndpointsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth allow an endpoint to authenticate over basic authentication -/// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// `basicAuth` configures the Basic Authentication credentials to use when +/// scraping the target. +/// +/// +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBasicAuth { - /// The secret in the service monitor namespace that contains the password - /// for authentication. + /// `password` specifies a key of a Secret containing the password for + /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] pub password: Option, - /// The secret in the service monitor namespace that contains the username - /// for authentication. + /// `username` specifies a key of a Secret containing the username for + /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] pub username: Option, } -/// The secret in the service monitor namespace that contains the password -/// for authentication. +/// `password` specifies a key of a Secret containing the password for +/// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2183,8 +2286,8 @@ pub struct RuntimeComponentMonitoringEndpointsBasicAuthPassword { pub optional: Option, } -/// The secret in the service monitor namespace that contains the username -/// for authentication. +/// `username` specifies a key of a Secret containing the username for +/// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. @@ -2199,9 +2302,12 @@ pub struct RuntimeComponentMonitoringEndpointsBasicAuthUsername { pub optional: Option, } -/// Secret to mount to read bearer token for scraping targets. The secret -/// needs to be in the same namespace as the service monitor and accessible by -/// the Prometheus Operator. +/// `bearerTokenSecret` specifies a key of a Secret containing the bearer +/// token for scraping targets. The secret needs to be in the same namespace +/// as the ServiceMonitor object and readable by the Prometheus Operator. +/// +/// +/// Deprecated: use `authorization` instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsBearerTokenSecret { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2216,42 +2322,64 @@ pub struct RuntimeComponentMonitoringEndpointsBearerTokenSecret { pub optional: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsMetricRelabelings { - /// Action to perform based on regex matching. Default is 'replace'. - /// uppercase and lowercase actions require Prometheus >= 2.36. + /// Action to perform based on the regex matching. + /// + /// + /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + /// + /// + /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. + /// + /// + /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, - /// Regular expression against which the extracted value is matched. Default is '(.*)' + /// Regular expression against which the extracted value is matched. #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, - /// Replacement value against which a regex replace is performed if the - /// regular expression matches. Regex capture groups are available. Default is '$1' + /// Replacement value against which a Replace action is performed if the + /// regular expression matches. + /// + /// + /// Regex capture groups are available. 
#[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, - /// Separator placed between concatenated source label values. default is ';'. + /// Separator is the string between concatenated SourceLabels. #[serde(default, skip_serializing_if = "Option::is_none")] pub separator: Option, - /// The source labels select values from existing labels. Their content is concatenated - /// using the configured separator and matched against the configured regular expression - /// for the replace, keep, and drop actions. + /// The source labels select values from existing labels. Their content is + /// concatenated using the configured Separator and matched against the + /// configured regular expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] pub source_labels: Option>, - /// Label to which the resulting value is written in a replace action. - /// It is mandatory for replace actions. Regex capture groups are available. + /// Label to which the resulting string is written in a replacement. + /// + /// + /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + /// `KeepEqual` and `DropEqual` actions. + /// + /// + /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. 
+/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum RuntimeComponentMonitoringEndpointsMetricRelabelingsAction { #[serde(rename = "replace")] 
@@ -2294,27 +2422,37 @@ pub enum RuntimeComponentMonitoringEndpointsMetricRelabelingsAction { DropEqual, } -/// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. +/// `oauth2` configures the OAuth2 settings to use when scraping the target. +/// +/// +/// It requires Prometheus >= 2.27.0. +/// +/// +/// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsOauth2 { - /// The secret or configmap containing the OAuth2 client id + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. #[serde(rename = "clientId")] pub client_id: RuntimeComponentMonitoringEndpointsOauth2ClientId, - /// The secret containing the OAuth2 client secret + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. #[serde(rename = "clientSecret")] pub client_secret: RuntimeComponentMonitoringEndpointsOauth2ClientSecret, - /// Parameters to append to the token URL + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] pub endpoint_params: Option>, - /// OAuth2 scopes used for the token request + /// `scopes` defines the OAuth2 scopes used for the token request. #[serde(default, skip_serializing_if = "Option::is_none")] pub scopes: Option>, - /// The URL to fetch the token from + /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, } -/// The secret or configmap containing the OAuth2 client id +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsOauth2ClientId { /// ConfigMap containing data to use for the targets. 
@@ -2355,7 +2493,8 @@ pub struct RuntimeComponentMonitoringEndpointsOauth2ClientIdSecret { pub optional: Option, } -/// The secret containing the OAuth2 client secret +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. 
@@ -2370,42 +2509,64 @@ pub struct RuntimeComponentMonitoringEndpointsOauth2ClientSecret { pub optional: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsRelabelings { - /// Action to perform based on regex matching. Default is 'replace'. - /// uppercase and lowercase actions require Prometheus >= 2.36. + /// Action to perform based on the regex matching. + /// + /// + /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + /// + /// + /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// Modulus to take of the hash of the source label values. + /// + /// + /// Only applicable when the action is `HashMod`. #[serde(default, skip_serializing_if = "Option::is_none")] pub modulus: Option, - /// Regular expression against which the extracted value is matched. Default is '(.*)' + /// Regular expression against which the extracted value is matched. #[serde(default, skip_serializing_if = "Option::is_none")] pub regex: Option, - /// Replacement value against which a regex replace is performed if the - /// regular expression matches. Regex capture groups are available. Default is '$1' + /// Replacement value against which a Replace action is performed if the + /// regular expression matches. + /// + /// + /// Regex capture groups are available. 
#[serde(default, skip_serializing_if = "Option::is_none")] pub replacement: Option, - /// Separator placed between concatenated source label values. default is ';'. + /// Separator is the string between concatenated SourceLabels. #[serde(default, skip_serializing_if = "Option::is_none")] pub separator: Option, - /// The source labels select values from existing labels. Their content is concatenated - /// using the configured separator and matched against the configured regular expression - /// for the replace, keep, and drop actions. + /// The source labels select values from existing labels. Their content is + /// concatenated using the configured Separator and matched against the + /// configured regular expression. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] pub source_labels: Option>, - /// Label to which the resulting value is written in a replace action. - /// It is mandatory for replace actions. Regex capture groups are available. + /// Label to which the resulting string is written in a replacement. + /// + /// + /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + /// `KeepEqual` and `DropEqual` actions. + /// + /// + /// Regex capture groups are available. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] pub target_label: Option, } -/// RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. -/// It defines ``-section of Prometheus configuration. -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. 
+/// +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum RuntimeComponentMonitoringEndpointsRelabelingsAction { #[serde(rename = "replace")] @@ -2448,7 +2609,17 @@ pub enum RuntimeComponentMonitoringEndpointsRelabelingsAction { DropEqual, } -/// TLS configuration to use when scraping the endpoint +/// Endpoint defines an endpoint serving Prometheus metrics to be scraped by +/// Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum RuntimeComponentMonitoringEndpointsScheme { + #[serde(rename = "http")] + Http, + #[serde(rename = "https")] + Https, +} + +/// TLS configuration to use when scraping the target. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentMonitoringEndpointsTlsConfig { /// Certificate authority used when verifying server certificates. @@ -2599,7 +2770,6 @@ pub struct RuntimeComponentProbesLiveness { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -2652,7 +2822,6 @@ pub struct RuntimeComponentProbesLivenessExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentProbesLivenessGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. 
@@ -2722,7 +2891,6 @@ pub struct RuntimeComponentProbesReadiness { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -2775,7 +2943,6 @@ pub struct RuntimeComponentProbesReadinessExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentProbesReadinessGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2845,7 +3012,6 @@ pub struct RuntimeComponentProbesStartup { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -2898,7 +3064,6 @@ pub struct RuntimeComponentProbesStartupExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentProbesStartupGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. 
@@ -2977,7 +3142,7 @@ pub struct RuntimeComponentResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, @@ -3054,10 +3219,22 @@ pub struct RuntimeComponentService { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentServicePorts { /// The application protocol for this port. + /// This is used as a hint for implementations to offer richer behavior for protocols that they understand. /// This field follows standard Kubernetes label syntax. - /// Un-prefixed names are reserved for IANA standard service names (as per + /// Valid values are either: + /// + /// + /// * Un-prefixed protocol names - reserved for IANA standard service names (as per /// RFC-6335 and https://www.iana.org/assignments/service-names). - /// Non-standard protocols should use prefixed names such as + /// + /// + /// * Kubernetes-defined prefixed names: + /// * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + /// + /// + /// * Other protocols should use implementation-defined prefixed names such as /// mycompany.com/my-custom-protocol. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] pub app_protocol: Option, 
@@ -3174,11 +3351,31 @@ pub struct RuntimeComponentSidecarContainers { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, + /// Resources resize policy for the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] + pub resize_policy: Option>, /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RestartPolicy defines the restart behavior of individual containers in a pod. + /// This field may only be set for init containers, and the only allowed value is "Always". + /// For non-init containers or when this field is not specified, + /// the restart behavior is defined by the Pod's restart policy and the container type. + /// Setting the RestartPolicy as "Always" for the init container will have the following effect: + /// this init container will be continually restarted on + /// exit until all regular containers have terminated. Once all regular + /// containers have completed, all init containers with restartPolicy "Always" + /// will be shut down. This lifecycle differs from normal init containers and + /// is often referred to as a "sidecar" container. Although this init + /// container still starts in the init container sequence, it does not wait + /// for the container to complete before proceeding to the next init + /// container. Instead, the next init container starts immediately after this + /// init container is started, or after any startupProbe has successfully + /// completed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, /// SecurityContext defines the security options the container should be run with. /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. /// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -3578,7 +3775,6 @@ pub struct RuntimeComponentSidecarContainersLivenessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -3631,7 +3827,6 @@ pub struct RuntimeComponentSidecarContainersLivenessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentSidecarContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -3731,7 +3926,6 @@ pub struct RuntimeComponentSidecarContainersReadinessProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. 
@@ -3784,7 +3978,6 @@ pub struct RuntimeComponentSidecarContainersReadinessProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentSidecarContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -3843,6 +4036,19 @@ pub struct RuntimeComponentSidecarContainersReadinessProbeTcpSocket { pub port: IntOrString, } +/// ContainerResizePolicy represents resource resize policy for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RuntimeComponentSidecarContainersResizePolicy { + /// Name of the resource to which this resource resize policy applies. + /// Supported values: cpu, memory. + #[serde(rename = "resourceName")] + pub resource_name: String, + /// Restart policy to apply when specified resource is resized. + /// If not specified, it defaults to NotRequired. + #[serde(rename = "restartPolicy")] + pub restart_policy: String, +} + /// Compute Resources required by this container. /// Cannot be updated. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -3865,7 +4071,7 @@ pub struct RuntimeComponentSidecarContainersResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, 
@@ -4003,7 +4209,7 @@ pub struct RuntimeComponentSidecarContainersSecurityContextSeccompProfile { /// localhostProfile indicates a profile defined in a file on the node should be used. /// The profile must be preconfigured on the node to work. /// Must be a descending path, relative to the kubelet's configured seccomp profile location. - /// Must only be set if type is "Localhost". + /// Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. @@ -4032,12 +4238,9 @@ pub struct RuntimeComponentSidecarContainersSecurityContextWindowsOptions { #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, /// HostProcess determines if a container should be run as a 'Host Process' container. - /// This field is alpha-level and will only be honored by components that enable the - /// WindowsHostProcessContainers feature flag. Setting this field without the feature - /// flag will result in errors when validating the Pod. All of a Pod's containers must - /// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - /// containers and non-HostProcess containers). In addition, if HostProcess is true - /// then HostNetwork must also be set to true. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. 
@@ -4065,7 +4268,6 @@ pub struct RuntimeComponentSidecarContainersStartupProbe { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. - /// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -4118,7 +4320,6 @@ pub struct RuntimeComponentSidecarContainersStartupProbeExec { } /// GRPC specifies an action involving a GRPC port. -/// This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuntimeComponentSidecarContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -4445,7 +4646,7 @@ pub struct RuntimeComponentStatefulSetStorageVolumeClaimTemplateSpecResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, 
@@ -4499,13 +4700,70 @@ pub struct RuntimeComponentStatefulSetStorageVolumeClaimTemplateStatus { /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - /// be larger than the actual capacity when a volume expansion operation is requested. + /// allocatedResourceStatuses stores status of resource being resized for the given PVC. + /// Key names follow standard Kubernetes label syntax. Valid values are either: + /// * Un-prefixed keys: + /// - storage - the capacity of the volume. + /// * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + /// reserved and hence may not be used. + /// + /// + /// ClaimResourceStatus can be in any of following states: + /// - ControllerResizeInProgress: + /// State set when resize controller starts resizing the volume in control-plane. + /// - ControllerResizeFailed: + /// State set when resize has failed in resize controller with a terminal error. + /// - NodeResizePending: + /// State set when resize controller has finished resizing the volume but further resizing of + /// volume is needed on the node. + /// - NodeResizeInProgress: + /// State set when kubelet starts resizing the volume. + /// - NodeResizeFailed: + /// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + /// NodeResizeFailed. 
+ /// For example: if expanding a PVC for more capacity - this field can be one of the following states: + /// - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + /// - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + /// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" + /// When this field is not set, it means that no resize operation is in progress for the given PVC. + /// + /// + /// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus + /// should ignore the update for the purpose it was designed. For example - a controller that + /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + /// resources associated with PVC. + /// + /// + /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResourceStatuses")] + pub allocated_resource_statuses: Option>, + /// allocatedResources tracks the resources allocated to a PVC including its capacity. + /// Key names follow standard Kubernetes label syntax. Valid values are either: + /// * Un-prefixed keys: + /// - storage - the capacity of the volume. + /// * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + /// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + /// reserved and hence may not be used. + /// + /// + /// Capacity reported here may be larger than the actual capacity when a volume expansion operation + /// is requested. /// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. 
/// If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. /// If a volume expansion capacity request is lowered, allocatedResources is only /// lowered if there are no expansion operations in progress and if the actual volume capacity /// is equal or lower than the requested capacity. + /// + /// + /// A controller that receives PVC update with previously unknown resourceName + /// should ignore the update for the purpose it was designed. For example - a controller that + /// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + /// resources associated with PVC. + /// + /// /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocatedResources")] pub allocated_resources: Option>, @@ -4519,12 +4777,6 @@ pub struct RuntimeComponentStatefulSetStorageVolumeClaimTemplateStatus { /// phase represents the current phase of PersistentVolumeClaim. #[serde(default, skip_serializing_if = "Option::is_none")] pub phase: Option, - /// resizeStatus stores status of resize operation. - /// ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - /// string by resize controller or kubelet. - /// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizeStatus")] - pub resize_status: Option, } /// Specifies the strategy to replace old statefulSet pods with new pods. 
@@ -5055,7 +5307,7 @@ pub struct RuntimeComponentVolumesEmptyDir { /// The maximum usage on memory medium EmptyDir would be the minimum value between /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. /// The default is nil which means that the limit is undefined. - /// More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } @@ -5327,7 +5579,7 @@ pub struct RuntimeComponentVolumesEphemeralVolumeClaimTemplateSpecResources { pub limits: Option>, /// Requests describes the minimum amount of compute resources required. /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, diff --git a/kube-custom-resources-rs/src/reports_kyverno_io/v1/clusterephemeralreports.rs b/kube-custom-resources-rs/src/reports_kyverno_io/v1/clusterephemeralreports.rs index aaf7b87b4..547212d49 100644 --- a/kube-custom-resources-rs/src/reports_kyverno_io/v1/clusterephemeralreports.rs +++ b/kube-custom-resources-rs/src/reports_kyverno_io/v1/clusterephemeralreports.rs 
@@ -133,22 +133,6 @@ pub struct ClusterEphemeralReportResultsResourceSelectorMatchExpressions { } /// ObjectReference contains enough information to let you inspect or modify the referred object. -/// --- -/// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -/// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -/// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -/// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -/// Those cannot be well described when embedded. -/// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -/// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -/// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -/// and the version of the actual struct is irrelevant. -/// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -/// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -/// -/// -/// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -/// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterEphemeralReportResultsResources { /// API version of the referent. 
@@ -161,7 +145,6 @@ pub struct ClusterEphemeralReportResultsResources { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. diff --git a/kube-custom-resources-rs/src/reports_kyverno_io/v1/ephemeralreports.rs b/kube-custom-resources-rs/src/reports_kyverno_io/v1/ephemeralreports.rs index 27cca2709..1f3b982ff 100644 --- a/kube-custom-resources-rs/src/reports_kyverno_io/v1/ephemeralreports.rs +++ b/kube-custom-resources-rs/src/reports_kyverno_io/v1/ephemeralreports.rs 
@@ -134,22 +134,6 @@ pub struct EphemeralReportResultsResourceSelectorMatchExpressions { } /// ObjectReference contains enough information to let you inspect or modify the referred object. -/// --- -/// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -/// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -/// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -/// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -/// Those cannot be well described when embedded. -/// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -/// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -/// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -/// and the version of the actual struct is irrelevant. -/// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -/// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -/// -/// -/// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -/// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EphemeralReportResultsResources { /// API version of the referent. 
@@ -162,7 +146,6 @@ pub struct EphemeralReportResultsResources { /// the event) or if no container name is specified "spec.containers[2]" (container with /// index 2 in this pod). This syntax is chosen only to have some well-defined way of /// referencing a part of an object. - /// TODO: this design is not final and this field is subject to change in the future. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] pub field_path: Option, /// Kind of the referent. diff --git a/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs b/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs index 04bb9aa49..90241e308 100644 --- a/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs +++ b/kube-custom-resources-rs/src/scylla_scylladb_com/v1/scyllaclusters.rs @@ -48,7 +48,7 @@ pub struct ScyllaClusterSpec { /// dnsDomains is a list of DNS domains this cluster is reachable by. These domains are used when setting up the infrastructure, like certificates. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dnsDomains")] pub dns_domains: Option>, - /// exposeOptions specifies options for exposing ScyllaCluster services. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field. + /// exposeOptions specifies options for exposing ScyllaCluster services. This field is immutable. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "exposeOptions")] pub expose_options: Option, /// externalSeeds specifies the external seeds to propagate to ScyllaDB binary on startup as "seeds" parameter of seed-provider. 
@@ -1831,7 +1831,7 @@ pub struct ScyllaClusterDatacenterRacksVolumesVsphereVolume { pub volume_path: String, } -/// exposeOptions specifies options for exposing ScyllaCluster services. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field. +/// exposeOptions specifies options for exposing ScyllaCluster services. This field is immutable. EXPERIMENTAL. Do not rely on any particular behaviour controlled by this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScyllaClusterExposeOptions { /// BroadcastOptions defines how ScyllaDB node publishes its IP address to other nodes and clients. diff --git a/kube-custom-resources-rs/src/sonataflow_org/v1alpha08/sonataflowplatforms.rs b/kube-custom-resources-rs/src/sonataflow_org/v1alpha08/sonataflowplatforms.rs index cf1f26c1e..f6809c8e4 100644 --- a/kube-custom-resources-rs/src/sonataflow_org/v1alpha08/sonataflowplatforms.rs +++ b/kube-custom-resources-rs/src/sonataflow_org/v1alpha08/sonataflowplatforms.rs @@ -438,6 +438,9 @@ pub struct SonataFlowPlatformServicesDataIndex { /// Persists service to a datasource of choice. Ephemeral by default. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SonataFlowPlatformServicesDataIndexPersistence { + /// Whether to migrate database on service startup? + #[serde(rename = "migrateDBOnStartUp")] + pub migrate_db_on_start_up: bool, /// Connect configured services to a postgresql database. #[serde(default, skip_serializing_if = "Option::is_none")] pub postgresql: Option, 
@@ -4599,6 +4602,9 @@ pub struct SonataFlowPlatformServicesJobService { /// Persists service to a datasource of choice. Ephemeral by default. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SonataFlowPlatformServicesJobServicePersistence { + /// Whether to migrate database on service startup? + #[serde(rename = "migrateDBOnStartUp")] + pub migrate_db_on_start_up: bool, /// Connect configured services to a postgresql database. #[serde(default, skip_serializing_if = "Option::is_none")] pub postgresql: Option, diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/buckets.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/buckets.rs new file mode 100644 index 000000000..5ea40545e --- /dev/null +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/buckets.rs 
@@ -0,0 +1,275 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/fluxcd/source-controller/source.toolkit.fluxcd.io/v1/buckets.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +/// BucketSpec specifies the required configuration to produce an Artifact for +/// an object storage bucket. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "source.toolkit.fluxcd.io", version = "v1", kind = "Bucket", plural = "buckets")] +#[kube(namespaced)] +#[kube(status = "BucketStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct BucketSpec { + /// BucketName is the name of the object storage bucket. + #[serde(rename = "bucketName")] + pub bucket_name: String, + /// CertSecretRef can be given the name of a Secret containing + /// either or both of + /// + /// - a PEM-encoded client certificate (`tls.crt`) and private + /// key (`tls.key`); + /// - a PEM-encoded CA certificate (`ca.crt`) + /// + /// and whichever are supplied, will be used for connecting to the + /// bucket. The client cert and key are useful if you are + /// authenticating with a certificate; the CA cert is useful if + /// you are using a self-signed server certificate. The Secret must + /// be of type `Opaque` or `kubernetes.io/tls`. + /// + /// This field is only supported for the `generic` provider. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] + pub cert_secret_ref: Option, + /// Endpoint is the object storage address the BucketName is located at. 
+ pub endpoint: String, + /// Ignore overrides the set of excluded patterns in the .sourceignore format + /// (which is the same as .gitignore). If not provided, a default will be used, + /// consult the documentation for your version to find out what those are. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ignore: Option, + /// Insecure allows connecting to a non-TLS HTTP Endpoint. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// Interval at which the Bucket Endpoint is checked for updates. + /// This interval is approximate and may be subject to jitter to ensure + /// efficient use of resources. + pub interval: String, + /// Prefix to use for server-side filtering of files in the Bucket. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, + /// Provider of the object storage bucket. + /// Defaults to 'generic', which expects an S3 (API) compatible object + /// storage. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub provider: Option, + /// ProxySecretRef specifies the Secret containing the proxy configuration + /// to use while communicating with the Bucket server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxySecretRef")] + pub proxy_secret_ref: Option, + /// Region of the Endpoint where the BucketName is located in. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// SecretRef specifies the Secret containing authentication credentials + /// for the Bucket. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// STS specifies the required configuration to use a Security Token + /// Service for fetching temporary credentials to authenticate in a + /// Bucket provider. + /// + /// This field is only supported for the `aws` and `generic` providers. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub sts: Option, + /// Suspend tells the controller to suspend the reconciliation of this + /// Bucket. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub suspend: Option, + /// Timeout for fetch operations, defaults to 60s. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// CertSecretRef can be given the name of a Secret containing +/// either or both of +/// +/// - a PEM-encoded client certificate (`tls.crt`) and private +/// key (`tls.key`); +/// - a PEM-encoded CA certificate (`ca.crt`) +/// +/// and whichever are supplied, will be used for connecting to the +/// bucket. The client cert and key are useful if you are +/// authenticating with a certificate; the CA cert is useful if +/// you are using a self-signed server certificate. The Secret must +/// be of type `Opaque` or `kubernetes.io/tls`. +/// +/// This field is only supported for the `generic` provider. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketCertSecretRef { + /// Name of the referent. + pub name: String, +} + +/// BucketSpec specifies the required configuration to produce an Artifact for +/// an object storage bucket. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum BucketProvider { + #[serde(rename = "generic")] + Generic, + #[serde(rename = "aws")] + Aws, + #[serde(rename = "gcp")] + Gcp, + #[serde(rename = "azure")] + Azure, +} + +/// ProxySecretRef specifies the Secret containing the proxy configuration +/// to use while communicating with the Bucket server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketProxySecretRef { + /// Name of the referent. + pub name: String, +} + +/// SecretRef specifies the Secret containing authentication credentials +/// for the Bucket. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketSecretRef { + /// Name of the referent. + pub name: String, +} + +/// STS specifies the required configuration to use a Security Token +/// Service for fetching temporary credentials to authenticate in a +/// Bucket provider. +/// +/// This field is only supported for the `aws` and `generic` providers. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BucketSts { + /// CertSecretRef can be given the name of a Secret containing + /// either or both of + /// + /// - a PEM-encoded client certificate (`tls.crt`) and private + /// key (`tls.key`); + /// - a PEM-encoded CA certificate (`ca.crt`) + /// + /// and whichever are supplied, will be used for connecting to the + /// STS endpoint. The client cert and key are useful if you are + /// authenticating with a certificate; the CA cert is useful if + /// you are using a self-signed server certificate. The Secret must + /// be of type `Opaque` or `kubernetes.io/tls`. + /// + /// This field is only supported for the `ldap` provider. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] + pub cert_secret_ref: Option, + /// Endpoint is the HTTP/S endpoint of the Security Token Service from + /// where temporary credentials will be fetched. + pub endpoint: String, + /// Provider of the Security Token Service. + pub provider: BucketStsProvider, + /// SecretRef specifies the Secret containing authentication credentials + /// for the STS endpoint. This Secret must contain the fields `username` + /// and `password` and is supported only for the `ldap` provider. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// CertSecretRef can be given the name of a Secret containing +/// either or both of +/// +/// - a PEM-encoded client certificate (`tls.crt`) and private +/// key (`tls.key`); +/// - a PEM-encoded CA certificate (`ca.crt`) +/// +/// and whichever are supplied, will be used for connecting to the +/// STS endpoint. The client cert and key are useful if you are +/// authenticating with a certificate; the CA cert is useful if +/// you are using a self-signed server certificate. The Secret must +/// be of type `Opaque` or `kubernetes.io/tls`. +/// +/// This field is only supported for the `ldap` provider. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketStsCertSecretRef { + /// Name of the referent. + pub name: String, +} + +/// STS specifies the required configuration to use a Security Token +/// Service for fetching temporary credentials to authenticate in a +/// Bucket provider. +/// +/// This field is only supported for the `aws` and `generic` providers. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum BucketStsProvider { + #[serde(rename = "aws")] + Aws, + #[serde(rename = "ldap")] + Ldap, +} + +/// SecretRef specifies the Secret containing authentication credentials +/// for the STS endpoint. This Secret must contain the fields `username` +/// and `password` and is supported only for the `ldap` provider. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketStsSecretRef { + /// Name of the referent. + pub name: String, +} + +/// BucketStatus records the observed state of a Bucket. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketStatus { + /// Artifact represents the last successful Bucket reconciliation. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub artifact: Option, + /// Conditions holds the conditions for the Bucket. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// LastHandledReconcileAt holds the value of the most recent + /// reconcile request value, so a change of the annotation value + /// can be detected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastHandledReconcileAt")] + pub last_handled_reconcile_at: Option, + /// ObservedGeneration is the last observed generation of the Bucket object. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, + /// ObservedIgnore is the observed exclusion patterns used for constructing + /// the source artifact. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedIgnore")] + pub observed_ignore: Option, + /// URL is the dynamic fetch link for the latest Artifact. + /// It is provided on a "best effort" basis, and using the precise + /// BucketStatus.Artifact data is recommended. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, +} + +/// Artifact represents the last successful Bucket reconciliation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BucketStatusArtifact { + /// Digest is the digest of the file in the form of ':'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub digest: Option, + /// LastUpdateTime is the timestamp corresponding to the last update of the + /// Artifact. + #[serde(rename = "lastUpdateTime")] + pub last_update_time: String, + /// Metadata holds upstream information such as OCI annotations. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Path is the relative file path of the Artifact. 
It can be used to locate + /// the file in the root of the Artifact storage on the local file system of + /// the controller managing the Source. + pub path: String, + /// Revision is a human-readable identifier traceable in the origin source + /// system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pub revision: String, + /// Size is the number of bytes in the file. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub size: Option, + /// URL is the HTTP address of the Artifact as exposed by the controller + /// managing the Source. It can be used to retrieve the Artifact for + /// consumption, e.g. by another controller applying the Artifact contents. + pub url: String, +} + diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/gitrepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/gitrepositories.rs index 0b6d8589a..722844f8d 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/gitrepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/gitrepositories.rs @@ -111,14 +111,12 @@ pub struct GitRepositoryRef { pub branch: Option, /// Commit SHA to check out, takes precedence over all reference fields. /// - /// /// This can be combined with Branch to shallow clone the branch, in which /// the commit is expected to exist. #[serde(default, skip_serializing_if = "Option::is_none")] pub commit: Option, /// Name of the reference to check out; takes precedence over Branch, Tag and SemVer. /// - /// /// It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description /// Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -149,7 +147,6 @@ pub struct GitRepositorySecretRef { pub struct GitRepositoryVerify { /// Mode specifies which Git object(s) should be verified. /// - /// /// The variants "head" and "HEAD" both imply the same thing, i.e. verify /// the commit that the HEAD of the Git repository points to. The variant /// "head" solely exists to ensure backwards compatibility. diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/helmrepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/helmrepositories.rs index 3aa83c434..95f3982a5 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/helmrepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/helmrepositories.rs @@ -29,19 +29,16 @@ pub struct HelmRepositorySpec { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// - /// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// - /// /// and whichever are supplied, will be used for connecting to the /// registry. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// - /// /// It takes precedence over the values specified in the Secret referred /// to by `.spec.secretRef`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] 
@@ -120,19 +117,16 @@ pub struct HelmRepositoryAccessFromNamespaceSelectors { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// -/// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// -/// /// and whichever are supplied, will be used for connecting to the /// registry. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// -/// /// It takes precedence over the values specified in the Secret referred /// to by `.spec.secretRef`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/mod.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/mod.rs index 3daa9126c..2a6414106 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/mod.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1/mod.rs @@ -1,3 +1,4 @@ +pub mod buckets; pub mod gitrepositories; pub mod helmcharts; pub mod helmrepositories; diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/buckets.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/buckets.rs index 95f0ea4a6..42521a5c2 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/buckets.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/buckets.rs 
@@ -125,8 +125,8 @@ pub struct BucketStatusArtifact { pub checksum: Option, /// LastUpdateTime is the timestamp corresponding to the last update of this /// artifact. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdateTime")] - pub last_update_time: Option, + #[serde(rename = "lastUpdateTime")] + pub last_update_time: String, /// Path is the relative file path of this artifact. pub path: String, /// Revision is a human readable identifier traceable in the origin source diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/gitrepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/gitrepositories.rs index 00d036edb..13c09d899 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/gitrepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/gitrepositories.rs @@ -202,8 +202,8 @@ pub struct GitRepositoryStatusArtifact { pub checksum: Option, /// LastUpdateTime is the timestamp corresponding to the last update of this /// artifact. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdateTime")] - pub last_update_time: Option, + #[serde(rename = "lastUpdateTime")] + pub last_update_time: String, /// Path is the relative file path of this artifact. pub path: String, /// Revision is a human readable identifier traceable in the origin source @@ -223,8 +223,8 @@ pub struct GitRepositoryStatusIncludedArtifacts { pub checksum: Option, /// LastUpdateTime is the timestamp corresponding to the last update of this /// artifact. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdateTime")] - pub last_update_time: Option, + #[serde(rename = "lastUpdateTime")] + pub last_update_time: String, /// Path is the relative file path of this artifact. pub path: String, /// Revision is a human readable identifier traceable in the origin source 
diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmcharts.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmcharts.rs index 672f77a90..73095569e 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmcharts.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmcharts.rs @@ -134,8 +134,8 @@ pub struct HelmChartStatusArtifact { pub checksum: Option, /// LastUpdateTime is the timestamp corresponding to the last update of this /// artifact. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdateTime")] - pub last_update_time: Option, + #[serde(rename = "lastUpdateTime")] + pub last_update_time: String, /// Path is the relative file path of this artifact. pub path: String, /// Revision is a human readable identifier traceable in the origin source diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmrepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmrepositories.rs index 18c3c8bc3..354e2a2b3 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmrepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta1/helmrepositories.rs @@ -113,8 +113,8 @@ pub struct HelmRepositoryStatusArtifact { pub checksum: Option, /// LastUpdateTime is the timestamp corresponding to the last update of this /// artifact. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastUpdateTime")] - pub last_update_time: Option, + #[serde(rename = "lastUpdateTime")] + pub last_update_time: String, /// Path is the relative file path of this artifact. pub path: String, /// Revision is a human readable identifier traceable in the origin source diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs index 04725cd1f..7e27c22a9 100644 
--- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/buckets.rs @@ -32,19 +32,16 @@ pub struct BucketSpec { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// - /// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// - /// /// and whichever are supplied, will be used for connecting to the /// bucket. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// - /// /// This field is only supported for the `generic` provider. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, @@ -85,7 +82,6 @@ pub struct BucketSpec { /// Service for fetching temporary credentials to authenticate in a /// Bucket provider. /// - /// /// This field is only supported for the `aws` and `generic` providers. #[serde(default, skip_serializing_if = "Option::is_none")] pub sts: Option, @@ -123,19 +119,16 @@ pub struct BucketAccessFromNamespaceSelectors { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// -/// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// -/// /// and whichever are supplied, will be used for connecting to the /// bucket. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// -/// /// This field is only supported for the `generic` provider. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BucketCertSecretRef { 
@@ -177,26 +170,22 @@ pub struct BucketSecretRef { /// Service for fetching temporary credentials to authenticate in a /// Bucket provider. /// -/// /// This field is only supported for the `aws` and `generic` providers. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct BucketSts { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// - /// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// - /// /// and whichever are supplied, will be used for connecting to the /// STS endpoint. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// - /// /// This field is only supported for the `ldap` provider. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, @@ -215,19 +204,16 @@ pub struct BucketSts { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// -/// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// -/// /// and whichever are supplied, will be used for connecting to the /// STS endpoint. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// -/// /// This field is only supported for the `ldap` provider. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BucketStsCertSecretRef { 
@@ -239,7 +225,6 @@ pub struct BucketStsCertSecretRef { /// Service for fetching temporary credentials to authenticate in a /// Bucket provider. /// -/// /// This field is only supported for the `aws` and `generic` providers. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum BucketStsProvider { diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/gitrepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/gitrepositories.rs index ed4ab11a7..3b5277255 100644 --- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/gitrepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/gitrepositories.rs @@ -140,14 +140,12 @@ pub struct GitRepositoryRef { pub branch: Option, /// Commit SHA to check out, takes precedence over all reference fields. /// - /// /// This can be combined with Branch to shallow clone the branch, in which /// the commit is expected to exist. #[serde(default, skip_serializing_if = "Option::is_none")] pub commit: Option, /// Name of the reference to check out; takes precedence over Branch, Tag and SemVer. /// - /// /// It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description /// Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" #[serde(default, skip_serializing_if = "Option::is_none")] @@ -219,7 +217,6 @@ pub struct GitRepositoryStatus { /// changed. /// It has the format of `:`, for example: `sha256:`. /// - /// /// Deprecated: Replaced with explicit fields for observed artifact content /// config in the status. #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentConfigChecksum")] diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/helmrepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/helmrepositories.rs index f8a3533fc..24b3fd4e9 100644 
--- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/helmrepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/helmrepositories.rs @@ -29,19 +29,16 @@ pub struct HelmRepositorySpec { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// - /// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// - /// /// and whichever are supplied, will be used for connecting to the /// registry. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// - /// /// It takes precedence over the values specified in the Secret referred /// to by `.spec.secretRef`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] @@ -120,19 +117,16 @@ pub struct HelmRepositoryAccessFromNamespaceSelectors { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// -/// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// -/// /// and whichever are supplied, will be used for connecting to the /// registry. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// -/// /// It takes precedence over the values specified in the Secret referred /// to by `.spec.secretRef`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/ocirepositories.rs b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/ocirepositories.rs index b93adfd84..48c0802a1 100644 
--- a/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/ocirepositories.rs +++ b/kube-custom-resources-rs/src/source_toolkit_fluxcd_io/v1beta2/ocirepositories.rs @@ -23,19 +23,16 @@ pub struct OCIRepositorySpec { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// - /// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// - /// /// and whichever are supplied, will be used for connecting to the /// registry. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// - /// /// Note: Support for the `caFile`, `certFile` and `keyFile` keys have /// been deprecated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] @@ -97,19 +94,16 @@ pub struct OCIRepositorySpec { /// CertSecretRef can be given the name of a Secret containing /// either or both of /// -/// /// - a PEM-encoded client certificate (`tls.crt`) and private /// key (`tls.key`); /// - a PEM-encoded CA certificate (`ca.crt`) /// -/// /// and whichever are supplied, will be used for connecting to the /// registry. The client cert and key are useful if you are /// authenticating with a certificate; the CA cert is useful if /// you are using a self-signed server certificate. The Secret must /// be of type `Opaque` or `kubernetes.io/tls`. /// -/// /// Note: Support for the `caFile`, `certFile` and `keyFile` keys have /// been deprecated. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] 
@@ -265,7 +259,6 @@ pub struct OCIRepositoryStatus { /// artifact needs to be rebuilt. /// It has the format of `:`, for example: `sha256:`. /// - /// /// Deprecated: Replaced with explicit fields for observed artifact content /// config in the status. #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentConfigChecksum")] diff --git a/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutetcps.rs b/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutetcps.rs index d4c797f0d..b3b66b226 100644 --- a/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutetcps.rs +++ b/kube-custom-resources-rs/src/traefik_io/v1alpha1/ingressroutetcps.rs @@ -102,7 +102,7 @@ pub struct IngressRouteTCPRoutesServices { /// hence fully terminating the connection. /// It is a duration in milliseconds, defaulting to 100. /// A negative value means an infinite deadline (i.e. the reading capability is never closed). - /// Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. + /// Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationDelay")] pub termination_delay: Option, /// TLS determines whether to use TLS when dialing with the backend.